Values for content-security-policy-report-only: default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 59 58 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://www.blogger.com/cspreport 47 default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self'; style-src https: 'unsafe-inline'; connect-src https:; frame-src https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https: blob: data:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src 'none'; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 28 frame-ancestors 'self' 27 block-all-mixed-content; report-uri https://blog.hatena.ne.jp/api/csp_report 18 img-src 'self' blob: data: *.pinimg.com *.pinterest.com *.google.com *.facebook.com *.cedexis.com *.cedexis-test.com *.citrix.com *.tvpixel.com; report-uri /_/_/csp_report/?reportonly 16 default-src 'self' blob: https: data: mediastream: 'unsafe-eval' 'unsafe-inline';report-uri https://metrics.media-amazon.com/ 15 default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src 'nonce-xsp7AIieRU2oQ8SMHCbQKA==' *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 14 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net https://meta.privacy-gateway.cloudflare.com/relay;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;worker-src *.instagram.com/static_resources/webworker_v1/init_script/ *.instagram.com/static_resources/webworker/init_script/ *.instagram.com/static_resources/sharedworker/init_script/ *.instagram.com/www-service-worker.js;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 13 report-uri /report-csp-violation 13 frame-ancestors 'self' https://skybox.eskypartners.com; report-uri https://secure.esky.com/csp-report 13 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; 12 default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://sandbox.paywithmybank.com/;worker-src *.facebook.com/static_resources/webworker_v1/init_script/ *.facebook.com/static_resources/webworker/init_script/ *.facebook.com/static_resources/sharedworker/init_script/ *.facebook.com/static_resources/webworker/map_libre/ *.facebook.com/static_resources/webworker/map_libre_rtl/ *.facebook.com/sw/ *.facebook.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 10 default-src 'self'; img-src 'self' *.ytimg.com t.co *.twitter.com *.onetrust.com *.calconic.com *.hotjar.com *.bing.com *.clarity.ms *.theaccessgroup.com accessgroup-website-v8-preview.azureedge.net accessgrouppreviewweb.azureedge.net accessgroupuatweb.azureedge.net accessgroupweb.azureedge.net cdn.jsdelivr.net id.rlcdn.com match.prod.bidr.io px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com *.blob.core.windows.net *.placeholder.com *.doubleclick.net www.google.co.uk www.google.com bat.bing.com www.google-analytics.com www.facebook.com www.google-analytics.com data: cdn.bizible.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; script-src 'self' 'unsafe-inline' *.geoip-js.com geoip-js.com *.trustpilot.com *.onetrust.com *.calconic.com *.hotjar.com cdn-3.convertexperiments.com ucalc.pro *.clarity.ms *.ucalc.pro analytics.twitter.com npmcdn.com app-lon05.marketo.com pages.theaccessgroup.com tracker.gaconnector.com api.ipify.org bat.bing.com static.ads-twitter.com snap.licdn.com www.googleadservices.com connect.facebook.net tag.demandbase.com tags.srv.stackadapt.com snap.licdn.com www.google-analytics.com www.googleadservices.com www.youtube.com secure.perk0mean.com static.hotjar.com script.hotjar.com widget.surveymonkey.com googleads.g.doubleclick.net www.googletagmanager.com code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.onetrust.com widget.trustpilot.com *.convertexperiments.com munchkin.marketo.net cdn.bizible.com *.visualwebsiteoptimizer.com app.vwo.com connect.facebook.net *.facebook.net *.ads-twitter.com *.ipify.org *.demandbase.com; style-src 'self' 'unsafe-inline' *.salesforce.com *.calconic.com *.ucalc.pro tags.srv.stackadapt.com app-lon05.marketo.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com pro.fontawesome.com use.typekit.net p.typekit.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; font-src 'self' data: *.typekit.net *.hotjar.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com pro.fontawesome.com; worker-src 'self' blob:; connect-src *.geoip-js.com geoip-js.com *.demandbase.com *.onetrust.com *.calconic.com *.hotjar.com *.hotjar.io *.clarity.ms *.mktoresp.com in.hotjar.com api.company-target.com tags.srv.stackadapt.com bat.bing.com www.google-analytics.com stats.g.doubleclick.net connect.facebook.net; frame-src *.salesforce.com *.ucalc.pro vars.hotjar.com app-lon05.marketo.com www.youtube.com player.vimeo.com www.facebook.com *.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com *.trustpilot.com; 10 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 10 default-src 'self'; 10 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/ *.adyen.com www.facebook.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.google.com.ua/ https://www.google.bg/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com https://images.unsplash.com *.bing.com www.facebook.com https://cdn.kaffekapslen.be https://www.google.com.ua/ https://www.google.bg/ https://www.google.dk/ *.clarity.ms https://googleads.g.doubleclick.net *.googleadservices.com https://bid.g.doubleclick.net https://kaffekapslen.dk/ *.kaffekapslen.dk/ *.klarnacdn.net https://kaffekapslen.media *.pinterest.com/ *.cloudinary.com/ https://www.googletagmanager.com/ https://app.usercentrics.eu/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com cdn.jsdelivr.net gtm.adt313.net *.bing.com *.facebook.net bam.eu01.nr-data.net https://www.google.com https://googleads.g.doubleclick.net https://www.google.com.ua/ https://www.google.bg/ *.clarity.ms *.klarnacdn.net https://s.pinimg.com https://apis.google.com/ https://cdn.matomo.cloud/ https://widgets.trustedshops.com/ *.usercentrics.eu/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com bam.eu01.nr-data.net *.clarity.ms www.facebook.com eu.playground.klarnaevt.com *.adt611.com *.pinterest.com/ *.kaffekapslen.dk/ https://az-apim-st-kaffekapslen.azure-api.net/ api.kaffekapslen.com https://www.google.com https://googleads.g.doubleclick.net https://bat.bing.com/ *.analytics.google.com/ https://kaffekapslen.matomo.cloud/ https://api.usercentrics.eu/ https://pagead2.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 10 default-src 'self' 9 default-src https: data: 'unsafe-inline' 'unsafe-eval' 7 report-uri https://cspr.app.rbb-cloud.de/cspr/;frame-ancestors 'self' https://www.rbb24.de https://*.rbb-online.de https://www.radioeins.de https://www.fritz.de https://www.antennebrandenburg.de https://www.inforadio.de https://www.rbb888.de; 7 default-src https: 'self' *.facebook.net *.googletagmanager.com *.bizibly.com *.doubleclick.net https://*.intercomcdn.com https://*.datadoghq-browser-agent.com; font-src 'self' https://*.intercomcdn.com *.fontawesome.com data:; base-uri 'none'; object-src data: 'unsafe-eval'; img-src 'self' data: * ; script-src https: 'self' 'unsafe-eval' 'unsafe-inline' http://*.google-analytics.com http://*.gstatic.com http://*.bing.com http://*.googleadservices.com http://*.hs-scripts.com http://*.bizible.com *.facebook.net *.googletagmanager.com http://*.fontawesome.com http://*.outbrain.com blob:; style-src https: 'self' *.fontawesome.com 'unsafe-inline'; report-uri /rest/trackers/csp; 7 report-uri /report-csp-violation; upgrade-insecure-requests 7 default-src 'self'; report-to /testcspviolation/ 7 report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com https://checkout.stripe.com https://checkout.stripe.dev; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-qAoigsbVsoqQigwSGiMYuTbAdza9vdqvOsA4UNSB54A=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-4HwZEt/y+k0EIqGfaNZ1MRmRCUbC03K3G03imkZ/EyA=' 'sha256-T9Iq7ZVmxSNDo0MtKOVaMklBUMHeY5FCy6zb50dqr28=' 'sha256-eNaGg+YMox6LtUAMUegc8RPYMvlgqKfr5wXhQq7t0rU=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 6 default-src 'self'; script-src 'self' maps.googleapis.com *.youtube.com *.trustarc.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net unpkg.com cdn.gbqofs.com *.cdn-net.com *.accdab.net *.worldpay.com https://static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: 'unsafe-eval' *.starbucks.eu maps.gstatic.com maps.googleapis.com *.trustarc.com www.googletagmanager.com www.google-analytics.com region1.google-analytics.com region1.analytics.google.com; media-src 'self'; frame-src 'self' gateway.switch.tj *.worldpay.com *.accdab.net *.trustarc.com *.youtube.com youtu.be; font-src 'self' *.trustarc.com https://fonts.gstatic.com; connect-src 'self' maps.googleapis.com *.accdab.net *.trustarc.com bam.nr-data.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com report.starbucks.gbqofs.io stats.g.doubleclick.net https://adservice.google.com; report-uri /report-uri/enforce 6 default-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://gruefbpuubghniw5iflbf2a6im.appsync-api.us-east-1.amazonaws.com/graphql wss://gruefbpuubghniw5iflbf2a6im.appsync-realtime-api.us-east-1.amazonaws.com/graphql s3.amazonaws.com/uploads.knowbe4.com/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; style-src-elem 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-us-east-1 ; worker-src 'self' blob: data: ; 6 default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 6 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://elnino.report-uri.com/r/d/csp/enforce 6 default-src https: 'unsafe-inline' 'unsafe-eval' wss: ;img-src https: data: blob: ; font-src https: data:; form-action https: http://www.last.fm; report-uri https://cbsi.report-uri.io/r/default/csp/enforce 5 frame-ancestors 'self'; report-uri https://www.couriermail.com.au/csp-reports 5 font-src 'self' https: data:; report-uri https://o98504.ingest.sentry.io/api/5871000/security/?sentry_key=7d320f4323694d468bd1a75eba48d37f&sentry_environment=production 5 default-src https: blob: 'unsafe-inline' 'unsafe-eval' wss://*.flightcentre.com.au:*; img-src https: blob: data:; font-src https: blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.fcl.cloud https://*.flightcentre.com.au https://*.flightcentre.co.nz https://*.flightcentre.co.za https://*.flightcentre.ca https://*.flightcentre.co.uk https://www.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://vxml4.plavxml.com https://*.nr-data.net https://*.newrelic.com https://*.usabilla.com http://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com https://cdn.optimizely.com https://*.outbrain.com https://analytics.tiktok.com https://bat.bing.com https://cdn.abrankings.com https://connect.facebook.net https://edge.fullstory.com https://loader.wisepops.com https://wisepops.net https://s.pinimg.com https://snap.licdn.com https://googleads.g.doubleclick.net https://accounts.google.com https://*.pinterest.com https://*.evergage.com https://js.adsrvr.org https://static.criteo.net https://flightcentre-webchat.gotbot.co.za https://7226714.collect.igodigital.com https://cdn.pdst.fm https://*.hotjar.com https://tr.snapchat.com https://*.feefo.com https://koi-3qn5erhpry.marketingautomation.services https://cdn.jsdelivr.net https://*.stackla.com https://cdn.cookielaw.org https://sc-static.net https://cdn.polyfill.io https://developer.livehelpnow.net https://cdn.evgnet.com https://maps.googleapis.com https://sdk.joinsherpa.io; frame-ancestors 'self'; report-uri /api/csp_report; 5 default-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; child-src 'self' blob: ; connect-src 'self' data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; frame-src 'self' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ android-webview-video-poster: https://player.vimeo.com https://*.knowbe4.com https://*.ccm.knowbe4.com https://*.internal.knowbe4.com https://*.ccm.internal.knowbe4.com ; font-src 'self' data: fonts.gstatic.com ; img-src * 'self' blob: cid: data: file: android-webview-video-poster: https://cdn.mxpnl.com/ https://v2assets.zopim.io/ https://static.zdassets.com/ app.pendo.io cdn.pendo.io data.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; media-src 'self' about: blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ pendo-io-static.storage.googleapis.com pendo-static-6167502888239104.storage.googleapis.com ; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-api.eu-west-1.amazonaws.com/graphql wss://enu3cdg6tvghrjuahpbe6c6w5i.appsync-realtime-api.eu-west-1.amazonaws.com/graphql s3.eu-west-1.amazonaws.com/uploads.knowbe4.eu/ api-js.mixpanel.com app.pendo.io https://browser-intake-datadoghq.com/ cdn.pendo.io data.pendo.io modstore.knowbe4.com modstore-production-us-east-1.s3.amazonaws.com https://*.ckeditor.com/ https://*.launchdarkly.com/ https://*.zopim.com/ https://api-js.mixpanel.com/decide https://api-js.mixpanel.com/decide/ https://api-js.mixpanel.com/engage https://api-js.mixpanel.com/engage/ https://api-js.mixpanel.com/track https://api-js.mixpanel.com/track/ https://api.mixpanel.com/ https://cdnjs.cloudflare.com/ https://code.highcharts.com/ https://data.pendo.io/ https://ekr.zdassets.com/ https://ekr.zendesk.com/ https://knowbe4.zendesk.com/ https://knowbe4.zendesk.com/embeddable/config https://knowbe4.zendesk.com/embeddable_blip https://knowbe4.zendesk.com/frontendevents/dl https://knowbe4.zendesk.com/frontendevents/pv https://s3.amazonaws.com/development.uploads.knowbe4.com/ https://static.zdassets.com/ https://zendesk-eu.my.sentry.io/ pendo-static-6167502888239104.storage.googleapis.com wss://*.zopim.com/ wss://knowbe4.zendesk.com/ https://unpkg.com/vue@2.6.14 ; style-src 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com ; style-src-elem 'self' 'unsafe-inline' data: app.pendo.io cdn.pendo.io pendo-static-6167502888239104.storage.googleapis.com https://fonts.googleapis.com/ ; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf27996eb9977f34aa9f3376bd3939adc&dd-evp-origin=content-security-policy&ddsource=csp-report&app=kmsat&env=production-eu-west-1 ; worker-src 'self' blob: data: ; 5 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-to blogspot; report-uri https://draft.blogger.com/cspreport 5 default-src 'self' data: blob: *.verisign.com; img-src 'self' data: *.verisign.com *.siteimproveanalytics.io *.brightcove.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onetrust.com polyfill.io assets.adobedtm.com siteimproveanalytics.com players.brightcove.net *.zencdn.net *.verisign.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.prod.boltdns.net *.brightcove.com *.akamaihd.net *.greenhouse.io *.verisign.com; worker-src blob: 4 default-src 'self' wdr.de *.wdr.de ; img-src * data: ; script-src 'self' wdr.de *.wdr.de 'unsafe-inline' 'unsafe-eval' cdn.bunchbox.co script.ioam.de *.de.ioam.de de-config.sensic.net cdn-gl.nmrodam.com www.bing.com cdn.ampproject.org cdn.tickaroo.com dev.virtualearth.net connect.facebook.net platform.twitter.com www.instagram.com www.gstatic.com www.tagesschau.de wdr.wdrmg-digital.de ; style-src 'self' wdr.de *.wdr.de 'unsafe-inline' wdr.wdrmg-digital.de *.tickaroo.com ; font-src 'self' wdr.de *.wdr.de data: fonts.gstatic.com/ ; media-src 'self' wdr.de *.wdr.de *.icecastssl.wdr.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net *.akamaized.net blob: ; frame-src 'self' wdr.de *.wdr.de cdn-gl.nmrodam.com de-config.sensic.net www.youtube-nocookie.com platform.twitter.com datawrapper.dwcdn.net www.instagram.com www.facebook.com www.tagesschau.de *.tickaroo.com ; connect-src 'self' wdr.de *.wdr.de *.planet-wissen.de wdrmedien-a.akamaihd.net wdradaptiv-vh.akamaihd.net www.tageschau.de cdn.ampproject.org *.akamaized.net *.sensic.net *.tickaroo.com ; child-src 'self' wdr.de *.wdr.de blob: ; frame-ancestors 'self' wdr.de *.wdr.de ; object-src 'self' wdr.de *.wdr.de ; manifest-src 'self' wdr.de *.wdr.de ; report-uri https://www.wdr.de/php/csp-reporting/logcspr.php 4 default-src *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com fonts.googleapis.com www.google.com www.google.it www.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com cdn.matomo.cloud irideos.matomo.cloud googleads.g.doubleclick.net *.leadchampion.com; report-to csp~irideos.it 4 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com data:; form-action 'self'; frame-ancestors 'self'; 4 default-src 'self'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; connect-src 'self' adservice.google.com/pagead/regclk api.audible.com audible.sc.omtrdc.net/b/ss/ audible.tt.omtrdc.net/rest/v1/delivery bat.bing.com/p/insights/c/ dpm.demdex.net fls-na.amazon.com m.media-amazon.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ siteintercept.qualtrics.com tr.snapchat.com unagi-na.amazon.com unagi.amazon.com www.audible.com www.facebook.com/tr/ www.google.com/pagead/landing; img-src 'self' ad.doubleclick.net bat.bing.com/action/0 fls-na.amazon.com googleads.g.doubleclick.net/pagead/viewthroughconversion/ images-eu.ssl-images-amazon.com images-na.ssl-images-amazon.com m.media-amazon.com s.amazon-adsystem.com/iui3 www.facebook.com www.google.ca/pagead/1p-user-list/ www.google.ch/pagead/1p-user-list/ www.google.ee/pagead/1p-user-list/ www.google.pt/pagead/1p-user-list/ www.google.ro/pagead/1p-user-list/ www.google.se/pagead/1p-user-list/ www.google.co.cr/pagead/1p-user-list/ www.google.co.il/pagead/1p-user-list/ www.google.co.in/pagead/1p-user-list/ www.google.co.ke/pagead/1p-user-list/ www.google.co.kr/pagead/1p-user-list/ www.google.co.nz/pagead/1p-user-list/ www.google.co.th/pagead/1p-user-list/ www.google.co.uk/pagead/1p-user-list/ www.google.co.za/pagead/1p-user-list/ www.google.com.ar/pagead/1p-user-list/ www.google.com.br/pagead/1p-user-list/ www.google.com.co/pagead/1p-user-list/ www.google.com.do/pagead/1p-user-list/ www.google.com.ec/pagead/1p-user-list/ www.google.com.hk/pagead/1p-user-list/ www.google.com.jm/pagead/1p-user-list/ www.google.com.mx/pagead/1p-user-list/ www.google.com.my/pagead/1p-user-list/ www.google.com.ng/pagead/1p-user-list/ www.google.com.pa/pagead/1p-user-list/ www.google.com.pe/pagead/1p-user-list/ www.google.com.ph/pagead/1p-user-list/ www.google.com.pk/pagead/1p-user-list/ www.google.com.sg/pagead/1p-user-list/ www.google.com/pagead/1p-user-list/ www.google.de/pagead/1p-user-list/ www.google.dk/pagead/1p-user-list/ www.google.es/pagead/1p-user-list/ www.google.ie/pagead/1p-user-list/ www.google.no/pagead/1p-user-list/ www.googleadservices.com/pagead/conversion/ www.googletagmanager.com; font-src www.audible.com m.media-amazon.com; frame-src 'self' 5164101.fls.doubleclick.net apps.rokt.com audible.demdex.net bs.serving-sys.com s.amazon-adsystem.com td.doubleclick.net tr.snapchat.com www.facebook.com; media-src 'self' images-na.ssl-images-amazon.com/images/ m.media-amazon.com samples.audible.co.uk samples.audible.com; script-src 'self' 'unsafe-inline' apps.rokt.com audible.sc.omtrdc.net bat.bing.com/bat.js bat.bing.com/p/action/4004590.js bat.bing.com/p/insights/s/0.7.20 bat.bing.com/p/insights/t/4004590 connect.facebook.net d.impactradius-event.com d1g3myji5lplsh.cloudfront.net d2nttevkh1mtzs.cloudfront.net googleads.g.doubleclick.net images-na.ssl-images-amazon.com sc-static.net siteintercept.qualtrics.com tr.snapchat.com www.googleadservices.com/pagead/conversion/ www.googletagmanager.com zn5ygnnjlk4oo0dy1-audible.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' images-na.ssl-images-amazon.com; 4 font-src *.fontawesome.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.gstatic.com *.ppl.cz 'self' data: chat.fcc-online.pl https://geowidget.easypack24.net 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com secure.payu.com merch-prod.snd.payu.com chat.fcc-online.pl *.criteo.com *.criteo.net *.domodi.pl *.doubleclick.net facebook.com *.facebook.com fledge-eu.creativecdn.com *.google.com *.googlesyndication.com *.hotjar.com imgstatic.eu opineo.pl *.opineo.pl *.payu.com tradedoubler.com *.tradedoubler.com *.paypo.pl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com static.payu.com *.1rx.io *.360yield.com *.3lift.com *.ad.smaato.net *.adform.net *.admixer.net *.adnxs.com *.adscale.de *.adtarget.com.tr *.analytics.google.com api.mapy.cz *.betweendigital.com *.bidswitch.net *.bing.com *.casalemedia.com cm.mgid.com *.creativecdn.com *.criteo.com *.dmp.otm-r.com *.docomo.ne.jp *.domodi.pl *.doubleclick.net *.e-planning.net *.facebook.com *.facebook.net *.gemius.pl *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.gstatic.com hbx.media.net imgstatic.eu *.lijit.com *.loopme.me *.mobfox.com *.omnitagjs.com onetag-sys.com *.openx.net *.outbrain.com pixel.advertising.com pixel.rubiconproject.com *.ppl.cz *.pubmatic.com *.rmp.rakuten.com *.s3xified.com 'self' data: *.seznam.cz *.sharethrough.com *.smartadserver.com *.taboola.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com *.trustx.org *.udmserve.net unpkg.com ups.analytics.yahoo.com *.visx.net *.wp.pl *.yieldmo.com widgets.trustedshops.com integrations.etrusted.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.avada.io secure.payu.com secure.snd.payu.com api.mapy.cz *.bing.com chat.fcc-online.pl *.criteo.com *.criteo.net delivery.clickonometrics.pl *.domodi.pl *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com imgstatic.eu integrations.etrusted.com js-agent.newrelic.com library.startquestion.com bam.eu01.nr-data.net opineo.pl *.opineo.pl *.ppl.cz *.seznam.cz static.payu.com tagmanager.google.com tags.creativecdn.com *.thulium.com *.tiktok.com *.tmtarget.com *.trackmytarget.com tradedoubler.com *.tradedoubler.com unpkg.com *.vimeo.com widgets.trustedshops.com *.wp.pl www.clarity.ms ssl.ceneo.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrcdn.net *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com api.mapy.cz *.doubleclick.net *.facebook.com *.googleapis.com integrations.etrusted.com *.ppl.cz chat.fcc-online.pl fonts.googleapis.com tagmanager.google.com https://geowidget.easypack24.net *.snrcdn.net *.gstatic.com https://www.google-analytics.com https://www.google.com https://www.snrcdn.net https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.thulium.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com ams.creativecdn.com *.analytics.google.com api.dhl.com api.mapy.cz app.startquestion.com chat.fcc-online.pl creativecdn.com *.facebook.com *.facebook.net *.g.doubleclick.net *.google-analytics.com *.google.bg *.google.com *.google.cz *.google.de *.google.hu *.google.pl *.google.ro *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hotjar.io integrations.etrusted.com measurement-api.criteo.com bam.eu01.nr-data.net *.opineo.pl *.payu.com *.thulium.com *.tiktok.com unpkg.com wss2.hotjar.com wss://chat.fcc-online.pl wss://chat-proxy-service.thulium.com wss://ws16.hotjar.com wss://ws36.hotjar.com wss://wsp10.hotjar.com y.clarity.ms *.easypack24.net *.inpost.pl *.openstreetmap.org *.snrbox.com 'self' 'unsafe-inline'; child-src *.domodi.pl imgstatic.eu tradedoubler.com *.tradedoubler.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri chat.fcc-online.pl 'self' 'unsafe-inline'; 4 font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com *.wesupply.xyz https://wesupplylabs.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cdninstagram.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com https://www.google.com https://www.google.com.co maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com static.zdassets.com connect.facebook.net rum-static.pingdom.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com *.cloudflare.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com u.clarity.ms get.geojs.io stats.g.doubleclick.net ekr.zdassets.com slacorp.zendesk.com rum-collector-2.pingdom.net bam.nr-data.net kickssupport.zendesk.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/wizard; 4 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com; 4 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 4 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.sagepay.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.stripe.com *.google.com *.sagepay.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com *.sagepay.com *.nosto.com *.nos.to *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.stripe.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.sagepay.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to js.klevu.com *.ksearchnet.com s7.addthis.com *.hsforms.net *.hsforms.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.klevu.com *.ksearchnet.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src *.fontawesome.com data: *.gstatic.com *.photoslurp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.facebook.com *.mediquo.com *.hotjar.com *.criteo.com *.google.com *.clic2buy.com *.vimeo.com *.photoslurp.com *.sitescout.com *.criteo.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com cdn.doofinder.com *.cloudfront.net *.amazonaws.com *.bing.com *.facebook.com widget-mediator.zopim.com *.swogo.net *.criteo.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.googleusercontent.com *.clarity.ms *.smartadserver.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.adform.net *.omnitagjs.com id5-sync.com *.yieldlab.net *.yieldmo.com *.demdex.net *.krxd.net *.thebrighttag.com *.sitescout.com *.sanity.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.doofinder.com *.naturitas.com naturitas.slgnt.eu static.zdassets.com bat.bing.com connect.facebook.net *.swogo.net *.hotjar.com *.mediquo.com static.criteo.net *.criteo.com *.typeform.com *.clic2buy.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.pixel.ad *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com *.fontawesome.com *.googleapis.com *.photoslurp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.doofinder.com wss://*.doofinder.com *.naturitas.com *.naturitas.es naturitas-atc.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com *.swogo.net *.googlesyndication.com *.hotjar.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.photoslurp.com *.clarity.ms *.apicdn.sanity.io *.api.sanity.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 font-src https://www.gstatic.com https://fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://www.google.com www.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://www.google.com https://www.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 4 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/marketing_platform 3 default-src https: blob: wss: data: android-webview-video-poster: android-webview: chrome-extension: safari-extension: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dailymotion.com/content_security_policy_report_uri 3 frame-ancestors 'self'; object-src 'none'; report-uri /api/csp-reporting 3 default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://logger.kataweb.it/csp/ 3 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https:; style-src https: 'unsafe-inline'; report-uri https://csp.ffx.io/; report-to csp-endpoint 3 frame-ancestors 'self'; block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://connect.facebook.net https://munchkin.marketo.net https://script.crazyegg.com https://static.zdassets.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net https://cdn.cookie-script.com https://s.adroll.com https://c.seznam.cz https://mc.yandex.ru https://static.zdassets.com https://www.snapengage.com https://*.googleapis.com https://d.adroll.com https://snap.licdn.com https://storage.googleapis.com https://u.heatmap.it https://script.hotjar.com https://static.hotjar.com https://*.doubleclick.net https://*.google.com https://*.cloudfront.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleoptimize.com https://*.nebula.zyxel.com https://cdnjs.cloudflare.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.zyxel.com https://*.myzyxel.com;style-src 'self' 'report-sample' 'unsafe-inline' *.nebula.zyxel.com *.google.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googleapis.com https://*.s3.amazonaws.com https://www.gstatic.com;object-src *.googlesyndication.com;child-src 'self' blob: *.addtoany.com *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 3 default-src 'self' blob: *; img-src 'self' data: *; script-src 'self' blob: * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; font-src 'self' data: *; connect-src *; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 3 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io cdn.datatables.net cdn.cookielaw.org code.jquery.com www.youtube.com api.mapbox.com maxcdn.icons8.com www.googletagmanager.com cdnjs.cloudflare.com *.wistia.com stackpath.bootstrapcdn.com fast.wistia.net *.hotjar.com region1.google-analytics.com rawgit.com euc-widget.freshworks.com adservice.google.com www.google-analytics.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: logger.scot.nhs.uk *.fontawesome.com use.typekit.net *.google.com *.google.co.uk *.googleapis.com themes.googleusercontent.com *.gstatic.com code.jquery.com yui.yahooapis.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.twitter.com *.twimg.com *.youtube.com youtu.be *.ytimg.com www.youtube-nocookie.com player.vimeo.com i.vimeocdn.com cdn.jwplayer.com content.jwplatform.com prd.jwpltx.com *.jwpcdn.com *.jwpsrv.com *.civiccomputing.com cc.cdn.civiccomputing.com secure.gravatar.com public.tableau.com www.openstreetmap.org browser-update.org s.w.org www.geoplugin.net *.wp.com hcaptcha.com *.hcaptcha.com www.careopinion.org.uk www.patientopinion.org.uk assets.nhs.uk www.travelinescotland.com; worker-src 'self' www.google.com; frame-ancestors 'self'; base-uri 'self'; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 3 default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; img-src data: *; script-src 'unsafe-inline' 'unsafe-hashes' *; style-src 'unsafe-inline' 'unsafe-hashes' *; connect-src *; child-src *; font-src *; report-uri /_csp; report-to default 3 default-src https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 3 default-src * data:; script-src * 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr *; style-src * 'unsafe-inline' blob:; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * 'self' data: blob:; font-src * 'self' data: blob:; connect-src * 'self' blob:; media-src * 'self' blob:; object-src * 'self' 'unsafe-inline' blob:; prefetch-src * 'self' blob:; child-src * 'self' blob:; frame-src * 'self' blob:; worker-src * 'self' blob:; frame-ancestors * 'self' blob:; form-action *; upgrade-insecure-requests; base-uri * 'self'; manifest-src * blob: sandbox allow-downloads allow-forms allow-modals allow-popups allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-to-custom-protocols; 3 default-src https: 'unsafe-inline' 'unsafe-eval' 3 script-src 'unsafe-eval' blob: 'self' https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline' internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; default-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com; style-src 'self' data: blob: https://images.wikia.com https://static.wikia.nocookie.net https: 'self' data: blob: internal-soap.wikia.com internal-soap.fandom.com internal-soap.wikia.org internal-soap.gamepedia.com www.fandom.com www.wikia.com www.wikia.org www.gamepedia.com 'unsafe-inline'; img-src * data: blob:; object-src 'none'; report-uri https://services.fandom.com/csp-logger/csp/ucp; worker-src 'self' blob: 3 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: gap://ready; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; font-src 'self' data: https:; report-uri https://thedatinglab.report-uri.com/r/d/csp/reportOnly 3 font-src *.typekit.net fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com https://celebrosnlp.com *.celebrosnlp.com *.gstatic.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com CPapShopM2-search.celebros.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.lpsnmedia.net *.salecycle.com *.facebook.com *.adsrvr.org *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net widgets.automizely.com widgets.automizely.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com *.listrakbi.com *.bing.com *.lpsnmedia.net *.amazonaws.com *.routeapp.io *.mypurecloud.com *.adnxs.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.payments-amazon.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.getbread.com *.breadpayments.com *.rbcpayplan.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net cdn.routeapp.io *.listrak.com *.listrakbi.com *.liveperson.net *.lpsnmedia.net *.nr-data.net *.newrelic.com *.tiqcdn.com *.bing.com *.cybba.solutions *.cloudfront.net *.adsrvr.org *.facebook.net *.pepperjam.com *.gstatic.com *.rtb123.com *.googleapis.com *.routeapp.io *.mypurecloud.com https://sentry.io *.sentry.io *.cloudflare.com *.adnxs.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.thecpapshop.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com *.celebros.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io maxcdn.bootstrapcdn.com *.listrak.com *.listrakbi.com *.googleapis.com *.mypurecloud.com *.cloudflare.com *.adnxs.com *.thecpapshop.com *.paypalobjects.com *.doubleclick.net *.adacado.com *.authorize.net *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com celebrosnlp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.getbread.com *.breadpayments.com *.rbcpayplan.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net api.route.com *.listrak.com *.listrakbi.com *.nr-data.net *.newrelic.com *.sandbox.paypal.com *.googleadservices.com *.doubleclick.net *.salecycle.com *.googleapis.com *.route.com *.adnxs.com *.mypurecloud.com *.cloudflare.com *.thecpapshop.com *.paypalobjects.com *.adacado.com *.oxygenconcentratorsupplies.com *.adapthealthmarketplace.com *.celebros.com *.celebros.com:446 *.celebros-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report; report-to https://a3frkpbrnzxvdwnkpssx604n.httpschecker.net/report 3 font-src *.olark.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.authorize.net destinilocators.com *.duosecurity.com *.olark.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com frontiercoop.widen.net *.olark.com *.listrakbi.com lux.speedcurve.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.authorize.net js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com *.listrakbi.com cdn.speedcurve.com acsbapp.com s.pinimg.com js.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.zendesk.com *.widen.net *.widencdn.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.olark.com *.listrakbi.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net bam.nr-data.net *.listrakbi.com lux.speedcurve.com *.acsbapp.com ct.pinterest.com *.olark.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 script-src 'self' 3 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data:; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data:; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 3 default-src 'self' data: https://fonts.gstatic.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro https://*.hcaptcha.com ; script-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://code.jquery.com https://dstnyfrance.containers.piwik.pro https://browser-update.org https://faqbot.co https://js.hcaptcha.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://ajax.googleapis.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com ; img-src 'self' data: https://api.faqbot.co https://browser-update.org https://dstnyfrance.piwik.pro https://www.gstatic.com https://secure.gravatar.com ; connect-src 'self' https://newassets.hcaptcha.com https://api.faqbot.co https://dstnyfrance.piwik.pro https://dstnyfrance.containers.piwik.pro ; frame-ancestors 'self' ; child-src 'self' https://forms.zohopublic.com https://newassets.hcaptcha.com ; report-uri https://csp-report.jetpulp.hosting/ 3 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.svelty.com.mx cdn.jsdelivr.net https://www.googletagmanager.com cdns.us1.gigya.com vuejs.org unpkg.com https://www.google-analytics.com https://cdn.gbqofs.com https://p.teads.tv https://www.googleoptimize.com https://static.hotjar.com https://cdn.mouseflow.com https://www.googleadservices.com https://connect.facebook.net https://cdn.treasuredata.com https://analytics.tiktok.com https://w.usabilla.com https://js-agent.newrelic.com https://shared.az.ciam.nestle.com https://script.hotjar.com https://cdn.az.ciam.nestle.com *.mikmak.ai *.swaven.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.svelty.com.mx cdn.jsdelivr.net https://www.googletagmanager.com cdns.us1.gigya.com vuejs.org unpkg.com https://www.google-analytics.com https://cdn.gbqofs.com https://p.teads.tv https://www.googleoptimize.com https://static.hotjar.com https://cdn.mouseflow.com https://www.googleadservices.com https://connect.facebook.net https://cdn.treasuredata.com https://analytics.tiktok.com https://w.usabilla.com https://js-agent.newrelic.com https://shared.az.ciam.nestle.com https://script.hotjar.com https://cdn.az.ciam.nestle.com *.mikmak.ai *.swaven.com; img-src *; media-src *; frame-ancestors 'self'; report-uri https://www.svelty.com.mx/report-csp-violation 3 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com static.zip.co *.afterpay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com https://*.google.com *.doubleclick.net *.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://pay.google.com https://secure-test.worldpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://*.googleapis.com https://*.googleusercontent.com zip.co bpi.zip.co *.afterpay.com *.cloudflare.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com snapwidget.com *.zip.co d35p4vvdul393k.cloudfront.net https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com display.ugc.bazaarvoice.com https://fonts.googleapis.com zip.co bpi.zip.co *.afterpay.com *.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com *.zipmoney.com.au *.zip.co *.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 font-src *.fontawesome.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.facebook.com *.kinderkraft.fr *.kinderkraft.pl kinderkraft.fr kinderkraft.pl *.trustpilot.com *.criteo.gum *.cookiebot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ consentcdn.cookiebot.com *.klarna.com pay.google.com secure.payu.com merch-prod.snd.payu.com *.trustpilot.com *.facebook.com www.facebook.com *.instagram.com *.hotjar.com *.criteo.com *.criteo.net *.youtube-nocookie.com *.google.com *.kinderkraft.fr kinderkraft.fr kinderkraft.pl *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.gstatic.com *.googleapis.com *.ggpht *.klarna.com *.klarnaevt.com *.klarnacdn.net static.przelewy24.pl www.gstatic.com gstatic.com static.payu.com ts.tradetracker.net www.magmodules.eu *.ytimg.com www.google.com www.google.pl kinderkraft.com pixel.wp.pl www.facebook.com *.instagram.com *.payu.com *.hotjar.com www.googletagmanager.com googleads.g.doubleclick.net *.criteo.com *.adobedtm.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.yahoo.com *.3lift.com *.smartadserver.com *.adnxs.com *.tapad.com *.casalemedia.com *.360yield.com *.taboola.com *.pubmatic.com *.media.net *.teads.tv *.adform.net *.bidswitch.net *.sharethrough.com *.smaato.net *.socdm.com *.adscale.de *.advertising.com *.dable.io *.co.kr *.stickyadstv.com *.twiago.com *.omnitagjs.com *.liadm.com *.yieldmo.com *.postrelease.com *.addthis.com *.revcontent.com *.mail.ru *.yieldlab.net *.rambler.ru *.bing.com *.openx.net *.nate.com *.mediawallahscript.com id5-sync.com *.rlcdn.com *.adingo.jp *.tremorhub.com *.yandex.ru *.aralego.com/ *.ad-stir.com *.adtdp.com *.meba.kr *.1rx.io *.toast.com *.turn.com *.dmxleo.com *.mediavine.com *.ivitrack.com *.smartclip.net *.krxd.net *.emxdgt.com *.pinterest.com *.bluekai.com *.thebrighttag.com kinderkraft.pl *.user.com *.trustpilot.com *.trustpilot.net *.metaffiliation.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ consent.cookiebot.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaservices.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io secure.payu.com secure.snd.payu.com *.trustpilot.com tm.tradetracker.net *.googletagmanager.com kinderkraft-staging.user.com *.user.com consentcdn.cookiebot.com *.g.doubleclick.net *.adyen.com *.facebook.net pixel.wp.pl *.hotjar.com *.criteo.com *.newrelic.com *.criteo.net *.nr-data.net *.cloudflare.com *.clickcease.com *.pinimg.com *.googleoptimize.com *.youtube.com *.klarnacdn.net *.kinderkraft.pl *.kinderkraft.fr *.kinderkraft.de *.kinderkraft.it *.kinderkraft.co.uk *.kinderkraft.es *.metaffiliation.com *.bing.com *.clarity.ms *.cux.io *.taboola.com *.luigisbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.klarnacdn.net maxcdn.bootstrapcdn.com *.trustpilot.com *.instagram.com *.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.klarnaservices.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.instagram.com kinderkraft-staging.user.com wss://kinderkraft-staging.user.com *.adyen.com yt2html5.com *.user.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net wss://kinderkraft.user.com *.hotjar.com wss://ws3.hotjar.com analytics.google.com *.paypal.com https://paypal.com paypal.com *.nr-data.net consentcdn.cookiebot.com *.hotjar.io *.criteo.com wss://ws29.hotjar.com *.pinterest.com *.google.com wss://ws11.hotjar.com *.klarnacdn.net google.pl google.com *.kinderkraft.fr *.metaffiliation.com *.sentry.io sentry.io *.clarity.ms *.cux.io *.facebook.com facebook.com *.google.pl wss://* *.openfpcdn.io *.google-analytics.com *.taboola.com *.luigisbox.com *.bing.com *.klarna.com 'self' 'unsafe-inline'; child-src *.instagram.com http: https: blob: 'self' 'unsafe-inline'; default-src *.adyen.com *.instagram.com *.googleoptimize.com *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3 default-src 'self'; script-src 'report-sample' 'self' https://js.qualified.com/qualified.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qualified.com wss://ws.qualified.com; font-src 'self'; frame-src 'self' https://app.qualified.com; img-src 'self' data: https://dms6j3xpg18d6.cloudfront.net https://d3s86tfxelgbdj.cloudfront.net https://huntscanlon.com https://images.cointelegraph.com https://mma.prnewswire.com https://s.yimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 3 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.revolut.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src https://www.steelslitting.com/wp-content/jquery.min.js uaEAgsI2PqeeSgtq58iDIVQIJ2tiKzvVnnnPH+eKPSQ= assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com *.googleapis.com *.google.com *.gstatic.com *.avada.io maps.googleapis.com *.revolut.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 3 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/android 2 script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https:; report-uri /csp_ep 2 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::APROD_3_8_0 2 default-src data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *.nesine.com wss://*.nesine.com *.google.com *.google.com.tr *.googletagmanager.com *.google-analytics.com *.support.google.com *.doubleclick.net *.googleadservices.com *.microsoft.com *.apple.com *.facebook.com *.facebook.net *.betsolutions.com *.ertgaming.com *.yahoo.com *.newrelic.com *.twitter.com *.instagram.com *.youtube.com *.ytimg.com *.aboutcookies.org *.mobilproses.com *.omnitagjs.com *.outbrain.com *.nr-data.net *.bidswitch.net *.sportradar.com *.akamaized.net *.performfeeds.com *.betradar.com *.dge.imggaming.com tjktv.ercdn.net *.tjk.org *.broadage.com *.pubmatic.com *.mediavine.com *.demdex.net *.krxd.net *.thebrighttag.com *.tremorhub.com *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.teads.tv *.3lift.com *.emxdgt.com *.sync.com *.ivitrack.com *.yieldmo.com *.yieldlab.net *.imgarena.com *.liderform.com.tr *.googleapis.com *.googlevideo.com *.gstatic.com *.azureedge.net *.semasio.net *.7platform.net *.7platform.com *.7platform.live *.nsoft-cdn.com *.1rx.io *.adsrvr.org aa.agkn.com *.postrelease.com *.revcontent.com *.rqtrk.eu *.bing.com *.smaato.net *.narrative.io *.socdm.com *.mediawallahscript.com *.liadm.com *.stickyadstv.com *.linkedin.com *.rlcdn.com *.dable.io *.adingo.jp *.twiago.com *.bluekai.com *.crwdcntrl.net *.hs.llnwd.net *.ucweb.com *.dengage.com *.playbetman.com *.turbolabs.online *.aleaplay.com *.ofmicropod.com *.dengagecdn.com *.igamemedia.com; img-src * data:; report-uri /csp/cspreport/ 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.rollingstone.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src chrome-extension: 'unsafe-inline' 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net *.messenger.com 'unsafe-eval';style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com www.google-analytics.com wss://*.messenger.com:*;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: https://fonts.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net;worker-src *.messenger.com/static_resources/webworker_v1/init_script/ *.messenger.com/static_resources/webworker/init_script/ *.messenger.com/static_resources/sharedworker/init_script/ *.messenger.com/static_resources/webworker/map_libre/ *.messenger.com/static_resources/webworker/map_libre_rtl/ *.messenger.com/sw/ *.messenger.com/sw;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://rbmeuulvihtwm2eltjhwimi2.httpschecker.net/report 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.hollywoodreporter.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.billboard.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self' *.wp.com; img-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src data: https:; media-src blob: https:; frame-src https:; object-src 'none'; connect-src https:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kwai-pro.com http://*.kwai-pro.com http://*.kwai.net https://*.kwai.net *.kwai.com *.snackvideo.in *.kwai.me *.kwai.app *.kwimgs.com *.yximgs.com *.cloudfront.net *.kuaishou.com https://*.gifshow.com http://*.gifshow.com https://log-sdk.ksapisrv.com https://www.googletagmanager.com https://gifshow-static.download.ks-cdn.com https://static3.avast.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://connect.facebook.net www.google-analytics.com hm.baidu.com m.snackvideo.com http://*.ap4r.com https://*.ap4r.com https://*.typekit.net http://*.typekit.net ak-sgp-pic.snackvideo.in tx-sgp-pic.snackvideo.in ws-sgp-pic.snackvideo.in g-us-kampic.golden49.net g-us-kamcdn.golden49.net m.kwai.com sentry.kuaishou.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.linkedin.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;img-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;connect-src http: https: asset: data: blob: android-webview-video-poster: ikwai: chrome-extension:;report-uri https://csplog.kwai-pro.com/log/kwai/wwwkwai 2 default-src 'self'; media-src https://static.zdassets.com; connect-src 'self' wss: https://protonmail.zendesk.com https://ekr.zdassets.com blob: https://account.proton.me https://reports.proton.me https://*.algolia.net https://*.algolianet.com https://go.getproton.me; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://static.zdassets.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; object-src 'self' data: blob:; frame-src 'self' data: blob: https://www.youtube-nocookie.com; child-src 'self' data: blob:; report-uri https://reports.proton.me/reports/csp; frame-ancestors 'self'; 2 frame-ancestors 'self' https://*.ps.kz; report-to /_/csp-report; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com www.njsp.org cse.google.com *.custhelp.com *.twitter.com *.adsrvr.org static.zip.co *.googleapis.com www.rnengage.com *.addthis.com cdnjs.cloudflare.com p.typekit.net use.fontawesome.com nj.gov www.youtube.com *.arcgis.com cdn.jsdelivr.net cognito-identity.us-east-1.amazonaws.com server.arcgisonline.com *.adsensecustomsearchads.com www.googletagmanager.com *.opendns.com *.state.nj.us www.google-analytics.com clients1.google.com unpkg.com njdoc.gov *.gstatic.com www.google.com t.co siteimproveanalytics.com *.nj.gov www.njlottery.com static.dialogflow.com code.jquery.com fonts.google.com *.siteimproveanalytics.io *.facebook.com *.doubleclick.net placeimg.com use.typekit.net *.facebook.net *.vimeo.com region1.google-analytics.com ka-f.fontawesome.com www.njdcj.org stackpath.bootstrapcdn.com wss://nexus-websocket-a.intercom.io s.yimg.com *.sharepoint.com kit.fontawesome.com bcp.crwdcntrl.net *.googleadservices.com oss.maxcdn.com cdn.datatables.net adservice.google.com translate.google.com *.linkedin.com public.govdelivery.com sc-static.net *.mathtag.com region1.analytics.google.com sp.analytics.yahoo.com sdk.amazonaws.com maxcdn.bootstrapcdn.com img.youtube.com *.ads-twitter.com *.cloudfront.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /nmms/csp-reporting-lo 2 connect-src 'self' adservice.google.com d3hb14vkzrxvla.cloudfront.net metrics.hotjar.io region1.google-analytics.com vc.hotjar.io www.google-analytics.com www.google.com yoast.com yoast.matomo.cloud 1004851.metrics.convertexperiments.com checkoutshopper-live.adyen.com distillery.wistia.com fast.wistia.com logs.convertexperiments.com pipedream.wistia.com unpkg.com content.hotjar.io maps.googleapis.com px.ads.linkedin.com wss://ws.hotjar.com embed-cloudfront.wistia.com rc8g2ucwjk-1.algolianet.com rc8g2ucwjk-2.algolianet.com rc8g2ucwjk-dsn.algolia.net surveystats.hotjar.io analytics.google.com beaconapi.helpscout.net chatapi.helpscout.net my.yoast.com stats.g.doubleclick.net translate-pa.googleapis.com translate.googleapis.com www.facebook.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com fonts.bunny.net github.com script.hotjar.com s0.wp.com; frame-src td.doubleclick.net checkoutshopper-live.adyen.com platform.twitter.com www.youtube.com fast.wistia.net www.googletagmanager.com; img-src 'self' data: www.google.com www.googletagmanager.com checkoutshopper-live.adyen.com embed-ssl.wistia.com fast.wistia.com maps.gstatic.com secure.gravatar.com analytics.twitter.com d33v4339jhl8k0.cloudfront.net gleam.io googleads.g.doubleclick.net maps.googleapis.com px.ads.linkedin.com staging-platform.yoast.com syndication.twitter.com t.co www.facebook.com lh4.googleusercontent.com lh5.googleusercontent.com region1.google-analytics.com www.google-analytics.com yoast.matomo.cloud adservice.google.com s.gravatar.com translate.google.com translate.googleapis.com www.gstatic.com s0.wp.com 2.gravatar.com blob:; manifest-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' beacon-v2.helpscout.net cdn-4.convertexperiments.com cdn.matomo.cloud enquete.agconsult.com gleam.io googleads.g.doubleclick.net maps.googleapis.com script.hotjar.com static.hotjar.com widget.gleamjs.io www.googletagmanager.com yoast.com fast.wistia.com checkoutshopper-live.adyen.com connect.facebook.net platform.twitter.com static.ads-twitter.com www.googleadservices.com fast.wistia.net mbyoastbv.activehosted.com www.google.com www.youtube.com translate-pa.googleapis.com translate.google.com translate.googleapis.com www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' beacon-v2.helpscout.net cdn-4.convertexperiments.com enquete.agconsult.com googleads.g.doubleclick.net static.hotjar.com wasm-eval www.googletagmanager.com yoast.com cdn.matomo.cloud gleam.io maps.googleapis.com script.hotjar.com widget.gleamjs.io checkoutshopper-live.adyen.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com js.gleam.io fonts.bunny.net www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com js.gleam.io fonts.bunny.net; media-src blob: 'self' data: fast.wistia.com beacon-v2.helpscout.net; worker-src blob: data:; report-uri https://yoast.report-uri.com/r/t/csp/wizard 2 frame-ancestors 'self'; report-uri https://www.theaustralian.com.au/csp-reports 2 default-src https: data: blob: wss: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-to default; report-uri https://sentry.io/api/256178/csp-report/?sentry_key=c2fb05422b2242faaec1d6d8a2a000fc&sentry_environment=production&sentry_release=1.1.158 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.googleapis.com *.omtrdc.net www.scb.co.th www.googletagmanager.com www.google.com *.gstatic.com ap1.cdn.thunderhead.com *.facebook.com cdnjs.cloudflare.com adservice.google.com *.tiktok.com *.doubleclick.net www.google.co.th www.google-analytics.com region1.analytics.google.com *.demdex.net www.google.com.sg www.youtube.com assets.adobedtm.com *.facebook.net info.scb.co.th *.everesttech.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src 'self' *.fineco.it *.finecobank.com finecobank.com *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com responder.wt-safetag.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com track.adform.net js.omg.neodatagroup.com trz.neodatagroup.com pixeL.mathtag.com www.google.com g.microsoft.com s2.adform.net googLeads.g.doubLeclick.net static.opentok.com data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk; frame-src finecobank.com finecobank.co.uk *.fineco.it *.promotorifinecobank.it *.finecobank.co.uk www.youtube.com *.mateti.net vars.hotjar.com track.adform.net c1.adform.net widget.trustpilot.com cdn.krxd.net pixel.mathtag.com ; img-src 'self' data: https://images.fineco.it https://images.finecobank.com https://images-t.finecobank.com https://images-dev.finecobank.com https://finecobank.com http://localhost:9095 https://analytics.google.com https://t.mateti.net https://lt.morningstar.com https://www.morningstar.it https://t.co https://www.linkedin.com https://px.ads.linkedin.com https://d.omg.neodatagroup.com https://www.youronlinechoices.com https://uip.semasio.net https://server.seadform.net https://aax-eu.amazon-adsystem.com https://pixel.mathtag.com https://tracker.neodatagroup.com https://www.google-analytics.com https://*.twimg.com https://finecoitalia01.wt-eu02.net https://bat.bing.com https://www.facebook.com https://cm.g.doubLeclick.net https://match.adsrvr.org https://dmp.adform.net https://secure.adnxs.com https://b1sync.zemanta.com https://cms.anaLytics.yahoo.com https://trz.neodatagroup.com https://www.googLe.com https://www.googLe.it cdn.cookielaw.org https://beacon.krxd.net https://ups.analytics.yahoo.com; connect-src wss://tradepush.finecobank.com https://*.fineco.it https://*.finecobank.com https://finecobank.com https://analytics.google.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.io https://script.crazyegg.com https://r.mateti.net wss://*.tokbox.com https://www.google-analytics.com https://www.google.com https://region1.google-analytics.com https://googleads.g.doubleclick.net https://*.tokbox.com https://config.opentok.com https://anvil.opentok.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.trustpilot.com https://cdn.krxd.net https://privacyportal-de.onetrust.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' *.fineco.it *.finecobank.com finecobank.com responder.wt-safetag.com static.opentok.com www.google-analytics.com track.adform.net s2.adform.net trz.neodatagroup.com pixel.mathtag.com d.omg.neodatagroup.com js.omg.neodatagroup.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net googleads.g.doubleclick.net cdn.mateti.net static.hotjar.com static.ads-twitter.com snap.licdn.com script.crazyegg.com ethn.io script.hotjar.com analytics.twitter.com www.youtube.com widget.trustpilot.com cdn.cookielaw.org cdn.krxd.net beacon.krxd.net consumer.krxd.net 'unsafe-eval' 'unsafe-inline'; report-uri https://www.fineco.it/_csp-report 2 default-src 'self' *.pinduoduo.com *.pddpic.com *.yangkeduo.com *.pddugc.com *.pinduoduo.net *.v.smtcdns.net *.ourdvsss.com wss://*.pinduoduo.com wss://*.yangkeduo.com mapstyle.qpic.cn blob: data: 'unsafe-eval' 'unsafe-inline'; report-uri https://tc.pinduoduo.com/x.gif 2 default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp 2 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://zn4mbdaokn6kcahtg-cypress.siteintercept.qualtrics.com https://79423.analytics.edgekey.net https://cdnjs.cloudflare.com https://connect.facebook.net https://e.video-cdn.net https://img.en25.com https://oc-cdn-public-eur.azureedge.net https://rules.quantcount.com https://s1968580696.t.eloqua.com https://*.hotjar.com https://secure.quantserve.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://www.stage-new.ifx.virtual-identity.com/ https://www.infineon.com https://*.hotjar.com https://cdn.botframework.com https://fonts.googleapis.com https://oc-cdn-public-eur.azureedge.net; object-src 'self'; connect-src 'self' https://www.infineon.com https://softwaretools.infineon.com https://toolbox-cloud-staging.cloudapps.infineon.com https://stg-community.infineon.com https://community.infineon.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://api.flockler.com https://asset-out-cdn.video-cdn.net https://c.video-cdn.net https://ca.video-cdn.net https://d.video-cdn.net https://infineon.product-discontinuation.com https://licensing.bitmovin.com https://ma307-r.analytics.edgekey.net https://oc-cdn-public-eur.azureedge.net https://stats.g.doubleclick.net https://vod.video-cdn.net https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: https://e.video-cdn.net https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://www.infineon.com https://chatbot.infineon.com https://oc-cdn-public-eur.azureedge.net https://players.brightcove.net https://*.hotjar.com https://www.facebook.com https://www.youtube.com https://www.promeas.com; img-src 'self' data: https://www.infineon.com https://www.infineon-brandportal.com https://pbs.twimg.com https://www.kununu.com https://www.glassdoor.com https://s722891043.t.eloqua.com https://siteintercept.qualtrics.com https://asset-out-cdn.video-cdn.net https://media-api.flockler.com https://media-exp1.licdn.com https://pixel.quantserve.com https://px.ads.linkedin.com https://s1968580696.t.eloqua.com https://www.bluewind.it https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://*.hotjar.com; manifest-src 'self'; media-src 'self' data:; base-uri 'self'; report-uri https://www.infineon.com/rest/csp/report; worker-src blob:; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: wss: https:; report-uri https://l.iplsc.com/logger/ 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://robbreport.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 block-all-mixed-content; report-uri https://dmgm.report-uri.com/r/t/csp/reportOnly 2 default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; frame-ancestors 'self'; report-uri https://leafgroup.report-uri.com/r/d/csp/wizard 2 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://stylecaster.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 2 default-src 'self'; frame-ancestors 'self' https://teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net; base-uri 'none'; manifest-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://login.live.com https://storage.live.com; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; worker-src 'self'; frame-src 'self' https://* https://webshell.suite.office.com; media-src 'none'; object-src 'none'; form-action 'self' https://*; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://chemkap.rivm.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://apps.rivm.nl https://chemkap.rivm.nl https://*.mopinion.com; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://*.mopinion.com; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://service.pdok.nl/ https://data.rivm.nl/ https://*.openstreetmap.org/ https://chemkap.rivm.nl; frame-src 'self' https://cibrapportage.rivm.nl https://esp-ext.rivm.nl https://login-ext.rivm.nl https://chemkap.rivm.nl https://www.infectieradar.nl; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl https://chemkap.rivm.nl https://www.infectieradar.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://*.mopinion.com https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/* https://*.mopinion.com; report-uri /report-csp-violation 2 default-src https: 'unsafe-inline' 2 default-src data: blob: about: 'self' 'unsafe-inline' 'unsafe-eval' https: wss:; report-uri /csp/report?always; 2 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.drip.com *.hsappstatic.net *.sleeknote.com *.zdassets.com *.zendesk.com *.hubspot.com *.hubspot.net *.hs-analytics.net *.hs-banner.com *.cloudflare.com *.zi-scripts.com *.g2crowd.com unpkg.com *.tiktok.com *.quora.com *.bing.com *.redditstatic.com *.ads-twitter.com *.licdn.com *.facebook.net *.snapchat.com sc-static.net *.clearbitscripts.com *.dreamdata.cloud 2 default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn-ukwest.onetrust.com/scripttemplates/ https://websdk.appsflyer.com/ https://www.google.com/recaptcha/enterprise.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtag/js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.segment.com; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.moonpay.com https://api.moonpay.com https://api.coingecko.com https://cdn-ukwest.onetrust.com https://*.launchdarkly.com https://geolocation.onetrust.com https://o465989.ingest.sentry.io https://vitals.vercel-insights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://logs.browser-intake-datadoghq.com https://cdn.segment.com; font-src 'self' https://static.moonpay.com; frame-src 'self' https://buy.moonpay.com https://sell.moonpay.com https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' https://cdn-ukwest.onetrust.com https://images.ctfassets.net https://static.moonpay.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; frame-ancestors 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub4f9819648cf6c369f00daa5b3a3a0ea7&dd-evp-origin=content-security-policy&ddsource=csp-report 2 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data: ; frame-src https://* about: javascript: 2 default-src https: 'unsafe-inline' data: 2 : default-src 'self'; report-uri https://mtsrs.report-uri.com/r/d/csp/reportOnly; 2 worker-src https: 'unsafe-inline'; report-uri https://api.mp.pl/csp-violation/ 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; 2 default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 2 default-src 'self' www.slu.se student.slu.se internt.slu.se artdatabanken.se www.universitetsdjursjukhuset.se; img-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.euro.confirmit.com *.getsitecontrol.com *.episerver.net *.siteimproveanalytics.com *.sitester.com www.universitetsdjursjukhuset.se *.slu.se sp.tinymce.com fonts.gstatic.com translate.google.com translate.googleapis.com; style-src 'self' https: 'unsafe-inline'; font-src 'self' data:; object-src 'none'; form-action 'self'; base-uri 'self'; frame-src *.kaltura.nordu.net *.slu.se *.emg-srs.com *.youtube.com; frame-ancestors 'self'; connect-src 'self' *.vizzit.se digitalfeedback.euro.confirmit.com matomo.slu.se; report-to cspViolations; report-uri /api/CspViolationReport 2 default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https: wss: moz-extension: chrome-extension: http://fonts.googleapis.com/ http://whova.com http://*.twimg.com; report-uri https://whova.com/_csp 2 default-src 'self'; script-src 'report-sample' 'self' https://rum.layer0.co/latest.js https://cdn.optimizely.com/js/25353130117.js https://tags.srv.stackadapt.com/saq_pxl *.stackadapt.com https://cdn.cookielaw.org https://cdn.treasuredata.com/sdk/2.5/td.min.js https://cdn.treasuredata.com/sdk/3.1/td.min.js https://dynamic.criteo.com/js/ld/ld.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/994487809/ https://eu01.in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://js-cdn.dynatrace.com https://marsconfigurator.ui.mms.com/main.js https://sslwidget.criteo.com/event *.klaviyo.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.dwin1.com/3219.js https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https://tags.srv.stackadapt.com/sa.css https://cdnjs.cloudflare.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://eu01.in.treasuredata.com/js/v3/event/src/js_pageview_mms_phoenix https://eu01.in.treasuredata.com/js/v3/enable_global_id https://logx.optimizely.com/v1/events https://tags.srv.stackadapt.com/saq_pxl *.stackadapt.com https://bf98027gkr.bf.dynatrace.com https://cdn-marsconfigurator-service.mms.com https://cdn.cookielaw.org https://gtm.mms.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' https://cdnjs.cloudflare.com https://marsconfigurator.service.mms.com data:; frame-src 'self' https://td.doubleclick.net/ https://a25353130117.cdn.optimizely.com/ https://9452702.fls.doubleclick.net https://gum.criteo.com https://widget.trustpilot.com; img-src 'self' data: https://ad.360yield.com https://ad.doubleclick.net/ https://ade.clmbtech.com https://ads.stickyadstv.com https://c.bing.com https://cdn.cookielaw.org https://cdn.media.amplience.net https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://e1.emxdgt.com https://eb2.3lift.com https://exchange.mediavine.com https://gum.criteo.com https://https https://i.liadm.com https://ib.adnxs.com https://marsconfigurator.service.mms.com https://match.sharethrough.com https://matching.ivitrack.com https://partner.mediawallahscript.com https://pixel.rubiconproject.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://secure.adnxs.com https://simage2.pubmatic.com https://sync-criteo.ads.yieldmo.com https://sync-t1.taboola.com https://sync.outbrain.com https://tg.socdm.com https://trends.revcontent.com https://ups.analytics.yahoo.com https://visitor.omnitagjs.com https://www.google.ca https://www.google.com https://www.googletagmanager.com https://x.bidswitch.net *.stackadapt.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 2 default-src 'self' *; media-src 'self' * data: ; font-src 'self' * data: ; img-src 'self' data: blob: *; script-src * 'unsafe-inline' 'unsafe-eval' data: *; style-src 'self' 'unsafe-inline' *; worker-src 'self' * blob: ; report-uri /api/csp-violation 2 default-src *; script-src data: http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' https: *.bootstrapcdn.com; img-src * 'self' data: blob:; font-src *; connect-src https:; media-src *; object-src 'none'; frame-src *; report-uri https://www.hsag.com/_csp; 2 default-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; img-src https: data:; font-src https: data:; report-uri https://idg.report-uri.io/r/default/csp/reportOnly 2 default-src 'self' https://*.ebizautos.com; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.uk region1.analytics.google.com www.sagaftra.org www.google.ca *.googleapis.com www.google.ie cdnjs.cloudflare.com *.gstatic.com www.rnengage.com *.doubleclick.net maxcdn.bootstrapcdn.com html5-player.libsyn.com img04.en25.com www.google.com *.eloqua.com www.youtube.com code.jquery.com *.siteimproveanalytics.io momentjs.com cdn01.boxcdn.net www.google-analytics.com *.oraclecloud.com *.custhelp.com fast.fonts.net analytics.google.com www.googletagmanager.com siteimproveanalytics.com cdn.honey.io web-writer.us.smartlook.cloud cdn.datatables.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src *.googleapis.com fonts.gstatic.com fonts.googleapis.com https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.dynamicyield.com *.hotjar.com x.klarnacdn.net *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com *.wahooligan.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com js.stripe.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com insight.adsrvr.org match.adsrvr.org www.affirm.com sandbox.affirm.com bugcrowd.com imgs.cdn-btsg.com *.cloudfront.net consentag.eu track.cordial.io gum.criteo.com bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net www.facebook.com script.google.com *.googleapis.com *.hotjar.com *.iterable.com *.klarnaservices.com *.online-metrix.net privacyportal-cdn.onetrust.com imgs.signifyd.com *.vimeo.com vimeo.com *.wahooligan.com record.webeyez.com d.emails.wahoofitness.com wahoofitness.yonyx.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.googleapis.com *.gstatic.com maps.googleapis.com maps.gstatic.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://helloextend-static-assets.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.adnxs.com public.adobecc.com data.adxcel-ec2.com insight.adsrvr.org match.adsrvr.org *.amazonaws.com *.atdmt.com *.bing.com *.bazaarvoice.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org dis.criteo.com gum.criteo.com *.ctnsnet.com ad.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net cdn.dynamicyield.com www.facebook.com *.google.com *.googletagmanager.com *.hotjar.com *.iterable.com kcc0.com *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io www.lightboxcdn.com simage2.pubmatic.com alb.reddit.com imgs.signifyd.com image.simplecastcdn.com t.co tk0x1.com *.wahoofitness.com *.xg4ken.com ads.yahoo.com *.analytics.yahoo.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.gstatic.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com js.stripe.com *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://*.helloextend.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.adnxs.com js.adsrvr.org cdn.jsdelivr.net lightboxapi.azurewebsites.net cdn.attn.tv bam-cell.nr-data.net *.bazaarvoice.com bat.bing.com bugcrowd.com assets.bugcrowdusercontent.com imgs.cdn-btsg.com *.clarity.ms static.curations.bazaarvoice.com consentag.eu cdn.cookielaw.org track.cordial.io script.crazyegg.com static.criteo.net sslwidget.criteo.com *.ctnsnet.com cdn.dynamicyield.com st.dynamicyield.com connect.facebook.net *.fontawesome.com *.google.com googleads.g.doubleclick.net *.hotjar.com *.iterable.com *.ktxlytics.io www.lightboxcdn.com cdn.livesession.io i.loopme.me js-agent.newrelic.com bam.nr-data.net code.jquery.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com oc-library.klarnaservices.com oc-library.playground.klarnaservices.com x.klarnacdn.net geolocation.onetrust.com cdn.optimizely.com www.redditstatic.com www.refersion.com assets.reflow.tv cdn.segment.com imgs.signifyd.com static.ads-twitter.com analytics.twitter.com d.emails.wahoofitness.com record.webeyez.com sec.webeyez.com *.xg4ken.com *.yotpo.com www.youtube.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com https://fonts.googleapis.com *.fontawesome.com static.curations.bazaarvoice.com maxcdn.bootstrapcdn.com cdn.cookielaw.org cdn.dynamicyield.com *.hotjar.com www.lightboxcdn.com x.klarnacdn.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.bazaarvoice.com data: mpsnare.iesnare.com www.wahoofitness.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://*.helloextend.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.attentivemobile.com *.attn.tv bam-cell.nr-data.net *.bing.com imgs.cdn-btsg.com *.clarity.ms cdn.cookielaw.org track.cordial.io script.crazyegg.com i.ctnsnet.com stats.g.doubleclick.net *.dynamicyield.com www.facebook.com analytics.google.com *.analytics.google.com *.hotjar.com *.hotjar.io mpsnare.iesnare.com *.iterable.com wss: gdpr.loopme.com i.loopme.me *.klarnaservices.com *.klarnauserservices.com *.ktxlytics.io rs.livesession.io bam.nr-data.net *.onetrust.com insight.reflow.tv api.segment.io cdn.segment.com imgs.signifyd.com bt.signifyd.com bt.signifyd.com:1103 bt.signifyd.com:11103 d.emails.wahoofitness.com vimeo.com record.webeyez.com send.webeyez.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://b73c76520e1c6fd88a089eacc1b590fe.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 2 form-action *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.fls.doubleclick.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.omtrdc.net *.twitter.com covers.odilo.io *.ads-twitter.com *.facebook.com *.facebook.net cdn.cookielaw.org www.googletagmanager.com online.bancosantander.es a.omappapi.com *.googleapis.com extend.vimeocdn.com www.google-analytics.com t.co adservice.google.com *.linkedin.com region1.google-analytics.com sso.santanderopenacademy.com *.santanderopenacademy.com *.universia.net fonts.gstatic.com in-automate.sendinblue.com z.omappapi.com api.omappapi.com snap.licdn.com images.findawayworld.com *.tiktok.com privacyportal-de.onetrust.com sibautomation.com use.typekit.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com; frame-ancestors 'self' sso.santanderopenacademy.com *.santanderopenacademy.com; connect-src 'self' cdn.equalweb.com *.universia.net pro-becas-images-s3.s3.eu-west-1.amazonaws.com www.linkedin.com script.hotjar.com img.youtube.com px4.ads.linkedin.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com www.google.ie www.facebook.com cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com *.pangle-ads.com *.omappapi.com *.vimeo.com sso.santanderopenacademy.com *.santanderopenacademy.com; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com *.doubleclick.net track.adform.net www.facebook.com *.universia.net sso.santanderopenacademy.com *.santanderopenacademy.com *.vimeo.com; img-src 'self' data: su-commons-documents.s3.eu-west-1.amazonaws.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com *.universia.net img.youtube.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com covers.odilo.io images.findawayworld.com *.doubleclick.net *.odilotk.es; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' www.google.com cdn.jsdelivr.net cdn.equalweb.com code.jquery.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com *.googleapis.com pro-becas-images-s3.s3.eu-west-1.amazonaws.com *.gstatic.com *.omappapi.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com www.googletagmanager.com fonts.googleapis.com *.omappapi.com; worker-src *.universia.net 2 object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net;img-src * blob: data: ; font-src acsbapp.com www.realpage.com s.realpage.com use.typekit.net fonts.gstatic.com vjs.zencdn.net maxcdn.bootstrapcdn.com www.slant.co data:; style-src *.typekit.net *.realpage.com fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-uri https://cspreports.realpage.com/api/reports/save/report-only; 2 default-src 'self'; script-src 'self' *.argenta.be *.googleapis.com *.adobedtm.com *.googletagmanager.com *.doubleclick.net *.adsrvr.org *.teads.tv *.facebook.net *.hotjar.com *.tiqcdn.com *.pingdom.net *.google.ie 'unsafe-inline' 'unsafe-eval' wasm-eval; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://agentaspaarbank.tt.omtrdc.net *.googleapis.com *.simargenta.be *.argenta.be *.teads.tv *.googlesyndication.com *.pingdom.net; font-src 'self'; frame-src 'self' *.tst-argenta.be *.adsrvr.org *.teads.tv *.doubleclick.net; img-src 'self' *.argenta.be *.simargenta.be *.facebook.com *.google.be *.google.com *.google.ie *.teads.tv *.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2 default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.walkme.com https://analytics.tiktok.com https://connect.facebook.net https://extend.vimeocdn.com/ga/41833415.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10892526870/ https://js.adsrvr.org/up_loader.1.1.0.js https://maps.googleapis.com https://up.pixel.ad/assets/up.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://*.walkme.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.tiktok.com https://maps.googleapis.com https://www.google-analytics.com https://*.walkme.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://insight.adsrvr.org https://pixel.sitescout.com https://player.vimeo.com https://td.doubleclick.net https://video.ball.com https://www.youtube.com https://*.walkme.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com https://pixel.sitescout.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; frame-ancestors 'self' https://ball-com-2021-cms.bluemod.me/ https://vision-dev-cms.ball.com https://vision-test-cms.ball.com https://vision-cms.ball.com; 2 default-src 'self' *.smartschool.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com https://ssl.p.jwpcdn.com stats.wp.com use.typekit.net p.jwpcdn.com *.google-analytics.com; script-src-attr 'none'; style-src 'self' *.smartschool.be 'unsafe-inline' c0.wp.com; font-src 'self' *.smartschool.be *.typekit.net wordpress.com data:; img-src 'self' *.typekit.net pixel.wp.com *.google-analytics.com stats.g.doubleclick.net data:; connect-src performance.typekit.net stats.g.doubleclick.net; report-uri /csp-violation.php 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: stats.epayworldwide.com imgsct.cookiebot.com *.gstatic.com consentcdn.cookiebot.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src https: wss:; report-uri /csp-report 2 child-src 'self' blob:; connect-src 'self' script.crazyegg.com tracking.crazyegg.com www.google-analytics.com maps.googleapis.com stats.addtoany.com pagestates-tracking.crazyegg.com/healthcheck assets-tracking.crazyegg.com/healthcheck va.msg.liveperson.net analytics.google.com stats.g.doubleclick.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; default-src 'self'; font-src 'self' data: fonts.gstatic.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; frame-ancestors 'self'; frame-src 'self' lpcdn.lpsnmedia.net va.idp.liveperson.net static.addtoany.com share.transistor.fm www.onlinebanktours.com player.vimeo.com fintactix.com bancorpsouth.custhelp.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net insight.adsrvr.org match.adsrvr.org va.msg.liveperson.net 9936641.fls.doubleclick.net td.doubleclick.net www.fintactix.com; img-src 'self' data: d21y75miwcfqoq.cloudfront.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net maps.gstatic.com maps.googleapis.com i.vimeocdn.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net https://www.facebook.com/tr/ lpcdn.lpsnmedia.net googleads.g.doubleclick.net www.google.com ad.doubleclick.net ib.adnxs.com/pixie; media-src 'self' cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net lpcdn.lpsnmedia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com script.crazyegg.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net va.v.liveperson.net cadcdnuat01.azureedge.net cadcdnuat01v2-chechzengkggh4gt.z01.azurefd.net static.cloudflareinsights.com maps.googleapis.com static.addtoany.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net js.adsrvr.org/up_loader.1.1.0.js connect.facebook.net www.googleadservices.com acdn.adnxs.com/dmp/up/pixie.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com cadcdnprod01v2-daffhpb7b8cdfkhx.z01.azurefd.net; 2 font-src fonts.gstatic.com use.fontawesome.com *.fontawesome.com audioeye.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.youtube.com youtu.be www.youtube-nocookie.com audioeye.com *.audioeye.com checkout.sezzle.com sandbox.checkout.sezzle.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com fortnine.ca *.fortnine.ca defender.com *.defender.com https://c683207.ssl.cf2.rackcdn.com www.youtube.com *.youtube.com youtu.be www.google.ca www.googletagmanager.com www.facebook.com cdn.datamanager.arinet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com polyfill.io apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com fortnine.ca *.fortnine.ca defender.com *.defender.com *.newrelic.com bam.nr-data.net *.nr-data.net fullstory.com www.youtube.com *.youtube.com youtu.be googleads.g.doubleclick.net connect.facebook.net static.cloudflareinsights.com *.cloudflareinsights.com js.authorize.net *.fontawesome.com audioeye.com *.audioeye.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com fortnine.ca *.fortnine.ca defender.com *.defender.com fonts.googleapis.com use.fontawesome.com *.fontawesome.com audioeye.com *.audioeye.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com fortnine.ca *.fortnine.ca defender.com *.defender.com algolianet.com *.algolianet.com bam.nr-data.net *.nr-data.net analytics.google.com www.facebook.com js.authorize.net jstest.authorize.net ws1.postescanada-canadapost.ca *.postescanada-canadapost.ca audioeye.com *.audioeye.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src fortnine.ca *.fortnine.ca defender.com *.defender.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromeenterprise_google 2 img-src https: blob:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 2 default-src 'self' 'unsafe-inline' hcfmhvpbqfb6.statuspage.io iwantmyname.com www.gstatic.com *.iwantmyname.com *.centralnicgroup.com ; connect-src 'self' data: adblockers.opera-mini.net api.adblocknext.com api.awesomeblocker.com api.iwantmyname.com assets.evrpg.com cdn.honey.io cdn.rawgit.com cdn.siftscience.com fonts.googleapis.com hcfmhvpbqfb6.statuspage.io iwantmyname.com mozbar.moz.com perf-eu1.hsforms.com region1.analytics.google.com rum.optimizely.com stats.g.doubleclick.net translate.googleapis.com view.light-speed.com wss://api.iwantmyname.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.statuspage.io *.centralnicgroup.com * ; img-src 'self' data: about: cdn.honey.io fonts.googleapis.com fonts.gstatic.com hexagon-analytics.com images.iwantmyname.com perf-eu1.hsforms.com region1.analytics.google.com shareasale.com syndication.twitter.com translate.google.com use.fontawesome.com www.googletagmanager.com *.hubspot.com *.analytics.google.com *.google-analytics.com *.typekit.net * ; font-src 'self' data: assets.evrpg.com cdn.honey.io fonts.googleapis.com fonts.gstatic.com ncspublicasset.s3.eu-west-3.amazonaws.com pro.fontawesome.com ray.st region1.analytics.google.com use.fontawesome.com use.typekit.net *.analytics.google.com *.google-analytics.com * ; media-src 'self' data: ; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net pro.fontawesome.com * ; style-src-elem 'self' 'unsafe-inline' adblockers.opera-mini.net cdn.honey.io cdn.jsdelivr.net cdn.rawgit.com fonts.googleapis.com fonts.gstatic.com gc.kis.v2.scr.kaspersky-labs.com iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-scripts.com pro.fontawesome.com s7.addthis.com translate.google.com use.fontawesome.com www.google-analytics.com *.hubspot.com *.centralnicgroup.com * ; frame-src 'self' *.google.com hcfmhvpbqfb6.statuspage.io mozbar.moz.com platform.twitter.com region1.analytics.google.com webmarshal.home www.googletagmanager.com *.analytics.google.com *.google-analytics.com * ; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com api.getvero.com cdn.honey.io cdn.optimizely.com cdn.rawgit.com cdn.siftscience.com cdn.statuspage.io cdnjs.cloudflare.com hcfmhvpbqfb6.statuspage.io iwantmyname.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsleadflows.net js-eu1.usemessages.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net platform.twitter.com s7.addthis.com statuspage-production.s3.amazonaws.com translate.googleapis.com use.typekit.net view.light-speed.com www.google.com www.gstatic.com *.cloudfront.net *.hubspot.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.centralnicgroup.com * ; report-uri https://iwantmyname.com/CSP_report; 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.gstatic.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://*.fls.doubleclick.net https://vars.hotjar.com https://*.pinterest.com https://*.criteo.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net *.adyen.com https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.google.com.ua https://adservice.google.com https://ade.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://eu-west-1-wtb-tag-api.swaven.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.bing.com https://*.pinterest.com https://*.yotpo.com https://*.clarity.ms https://*.cookielaw.org https://jde.blueconic.net https://*.contentsquare.net https://*.bidswitch.net https://*.adnxs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.criteo.com https://id5-sync.com https://*.ivitrack.com https://*.tremorhub.com https://*.yieldlab.net https://*.yieldmo.com https://*.openx.net https://*.krxd.net https://*.1rx.io https://*.thebrighttag.com https://*.eyeota.net https://*.tapad.com https://*.postcodeanywhere.co.uk https://*.igodigital.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.adyen.com https://unpkg.com *.avada.io https://*.tassimo.com https://*.lorespresso.com https://www.google.com https://www.gstatic.com https://*.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.blueconic.net https://jdeco11112.pcapredict.com https://*.swaven.com https://*.usabilla.com https://cdn.cookielaw.org https://connect.facebook.net https://*.hotjar.com https://p.teads.tv https://www.dwin1.com https://bat.bing.com https://s.pinimg.com https://swrap.tradedoubler.com https://ad.avtm.fr https://*.clarity.ms https://staticw2.yotpo.com https://mpsnare.iesnare.com https://*.contentsquare.net https://*.criteo.com https://*.cloudfront.net https://*.postcodeanywhere.co.uk https://*.igodigital.com https://*.boost.ai *.yotpo.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://*.tassimo.com https://*.lorespresso.com https://fonts.googleapis.com https://use.fontawesome.com https://*.blueconic.net https://d6tizftlrpuof.cloudfront.net https://staticw2.yotpo.com https://*.postcodeanywhere.co.uk *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://mpsnare.iesnare.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.adyen.com https://get.geojs.io *.avada.io https://*.tassimo.com https://*.lorespresso.com https://*.blueconic.net https://*.swaven.com https://www.google.com https://www.google-analytics.com https://*.googleapis.com https://*.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://*.onetrust.com https://ct.pinterest.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com https://*.contentsquare.net https://*.boost.ai *.yotpo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://d6tizftlrpuof.cloudfront.net https://*.boost.ai 'self' 'unsafe-inline'; 2 default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; 2 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com js.stripe.com cdn.dnky.co webchat.dotdigital.com *.us1.gigya.com *.openpay.mx *.openpay.co *.mercadolibre.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.paynet.com.mx *.google.com *.google.com.br *.criteo.com *.doubleclick.net *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.us1.gigya.com 'self' data: 'unsafe-inline' data: *.postimg.cc *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.openpay.mx *.google.com *.google.com.br *.panini.canto.global https://panini.canto.global *.cloudfront.net *.doubleclick.net *.g.doubleclick.net *.ivitrack.com *.bidswitch.net *.criteo.com *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.stripe.com cdn.conekta.io conektaapi.s3.amazonaws.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.us1.gigya.com s7.addthis.com *.mlstatic.com *.mercadopago.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ *.google.com *.google.com.br *.vendavalida.com.br *.zdassets.com *.criteo.com *.enviou.com.br *.cloudfront.net *.nr-data.net *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com 'unsafe-inline' data: unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.conekta.io api.comapi.com webchat.dotdigital.com *.openpay.mx *.openpay.co ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com *.openpay.pe *.google.com *.google.com.br *.criteo.com *.vendavalida.com.br *.zendesk.com *.doubleclick.net *.us1.gigya.com *.cloudfront.net *.nr-data.net *.enviou.com.br *.facebook.com *.facebook.net *.newrelic.com http://receiver.posclick.dinamize.com *.gigya-api.com *.panini.com.br www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.benu.hu data: *.googleapis.com *.hotjar.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com data: *.google.com *.youtube.com *.publitas.com *.fliphtml5.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.facebook.com business.facebook.com https://redchamps.com www.safemage.com *.benu.hu *.cloudfront.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com image.arukereso.hu *.google.hu *.hotjar.com *.arukereso.hu *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.avada.io https://cdnjs.cloudflare.com maps.googleapis.com *.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.googleadservices.com *.prefixbox.com *.publitas.com *.hotjar.com *.benu.hu *.arukereso.com gravity-dev-assets.oss-eu-central-1.aliyuncs.com benuhu.engine.yusp.com https://maileon-cdn.s3.eu-central-1.amazonaws.com/met/met.js clarity.ms *.clarity.ms *.bing.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.prefixbox.com *.benu.hu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com portal.bulkgate.com *.gstatic.com business.facebook.com *.benu.hu *.google-analytics.com *.prefixbox.com *.doubleclick.net *.services.visualstudio.com *.hotjar.com *.hotjar.io benuhu.engine.yusp.com *.maileon.hu 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://api.brightfunnel.com http://api.brightfunnel.com api.brightfunnel.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://api.company-target.com http://api.company-target.com api.company-target.com https://ws.zoominfo.com http://ws.zoominfo.com ws.zoominfo.com https://segments.company-target.com http://segments.company-target.com segments.company-target.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://pixel.sitescout.com http://pixel.sitescout.com pixel.sitescout.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://match.prod.bidr.io http://match.prod.bidr.io match.prod.bidr.io https://segments.company-target.com http://segments.company-target.com segments.company-target.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.cookiebot.com http://*.cookiebot.com *.cookiebot.com https://*.sharethis.com http://*.sharethis.com *.sharethis.com https://*.brightfunnel.com http://*.brightfunnel.com *.brightfunnel.com https://*.newrelic.com http://*.newrelic.com *.newrelic.com https://*.terminus.com http://*.terminus.com *.terminus.com https://*.terminus.services http://*.terminus.services *.terminus.services https://*.getsmartcontent.com http://*.getsmartcontent.com *.getsmartcontent.com https://img.en25.com http://img.en25.com img.en25.com https://*.qualtrics.com http://*.qualtrics.com *.qualtrics.com https://bam.nr-data.net http://bam.nr-data.net bam.nr-data.net https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://up.pixel.ad http://up.pixel.ad up.pixel.ad https://ws-assets.zoominfo.com http://ws-assets.zoominfo.com ws-assets.zoominfo.com https://tag.demandbase.com http://tag.demandbase.com tag.demandbase.com https://*.convertcalculator.co http://*.convertcalculator.co *.convertcalculator.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com 'unsafe-inline' 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.parisaeroport.fr www.google.co.uk region1.analytics.google.com *.facebook.com *.googleusercontent.com *.arcgis.com www.google.be www.google.se *.googleapis.com privacy.trustcommander.net *.gstatic.com tag.yieldoptimizer.com www.google.nl *.commander1.com tag.adaraanalytics.com *.clarity.ms www.google.ch www.google.es www.google.it api.geevisit.com *.facebook.net www.google.de translate.google.com static.geetest.com www.google.ca www.misterfly.com www.google.dk github.com www.google.fr www.addictive-tracker.com www.google.pl analytics.google.com cdn.trustcommander.net ssl.google-analytics.com cms.analytics.yahoo.com www.google.com cdn.tagcommander.com www.google.gr manager.tagcommander.com www.youtube.com static.parisaeroport.fr addictive-tracker.com sync.srv.stackadapt.com search.aeroportsdeparis.fr *.adsrvr.org www.googletagmanager.com services.arcgisonline.com *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src * 2 object-src 'none'; connect-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.cpggpc.ca https://www.google-analytics.com https://siteintercept.qualtrics.com https://www.facebook.com https://sslstats.canadapost.ca https://*.wistia.com https://dpm.demdex.net https://csi.gstatic.com https://adservice.google.com https://*.googlesyndication.com https://*.g.doubleclick.net https://maps.googleapis.com https://vmss.boldchat.com https://www.linkedin.com https://canadapost.tt.omtrdc.net https://services.postcodeanywhere.co.uk https://embedwistia-a.akamaihd.net https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src 'self' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://fonts.gstatic.com https://*.arcgis.com; form-action 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca https://*.epost.ca https://www.facebook.com https://google.com; frame-ancestors 'self' https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.canadapost.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.cpggpc.ca https://www.adobetag.com https://assets.adobedtm.com https://siteintercept.qualtrics.com https://zn0xleir6swszany9-canadapostdigital.siteintercept.qualtrics.com https://connect.facebook.net https://snap.licdn.com https://z.moatads.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google.com https://www.googletagservices.com https://*.google-analytics.com https://*.googleadservices.com https://www.gstatic.com https://*.googlesyndication.com https://adservice.google.com https://adservice.google.ca https://maps.googleapis.com https://cdn.ampproject.org https://*.doubleclick.net https://*.twitter.com https://cdn.syndication.twimg.com https://dpm.demdex.net https://*.wistia.com https://*.frontlinesvc.com https://*.arcgis.com https://www.linkedin.com https://vmss.boldchat.com https://sb.scorecardresearch.com https://www.rnengage.com https://sjs.bizographics.com https://www.instagram.com https://secure.adnxs.com https://app.five9.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.frontlinesvc.com https://fonts.googleapis.com https://translate.googleapis.com https://*.twitter.com https://*.canadapost.ca https://*.canadapost-postescanada.ca https://*.postescanada-canadapost.ca https://*.epost.ca https://*.arcgis.com https://*.arcgisonline.com https://app.five9.com; report-uri https://www.canadapost-postescanada.ca/cwc/components/rs/csp-reports; 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.infonet.com.py *.infonet.com.py:8888/ https://vpos.infonet.com.py:8888/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net integration-5ojmyuq-qoiivjresdo6e.us-5.magentosite.cloud cdn.leadster.com.br www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.infonet.com.py:8888/ *.newrelic.com *.nr-data.net *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.infonet.com.py:8888 *.infonet.com.py *.nr-data.net https://viacep.com.br https://www.viacep.com.br https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' https://*qualtrics.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com maps.googleapis.com https://flex.cybersource.com https://maps.google.com http://localhost:35729; style-src 'self' 'report-sample' blob: 'unsafe-inline'; object-src 'none'; frame-src 'self' www.googletagmanager.com maps.google.com maps.googleapis.com https://*.cybersource.com; child-src 'self' www.googletagmanager.com; img-src 'self' data: blob: www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com; font-src 'self' data: https://flex.cybersource.com https://testflex.cybersource.com; connect-src 'self' https://*qualtrics.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com maps.googleapis.com maps.google.com ws://localhost:35729/livereload; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; prefetch-src 'self'; worker-src 'self'; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://axaxl.com https://eus-prd-f8372a898644-xp2-cd.azurewebsites.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://cf-images.us-east-1.prod.boltdns.net https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://id.rlcdn.com *.company-target.com https://company-target.com https://api.company-target.com *.demandbase.com https://demandbase.com https://tag.demandbase.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.fls.doubleclick.net https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.co.uk https://doubleclick.net https://bid.g.doubleclick.net https://match.prod.bidr.io *.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://vjs.zencdn.net *.newrelic.com *.nr-data.net https://bam.nr-data.net https://js-agent.newrelic.com *.brightcove.com *.brightcove.net *.media.brightcove.net *.api.brightcove.net https://secure.brightcove.com https://brightcove.com https://players.brightcove.net https://metrics.brightcove.com f1.media.brightcove.com https://edge.api.brightcove.com https://p.adsymptotic.com *.adsymptotic.com *.newscred.com analytics.newscred.com pixel.newscred.com t.newscred.com https://analytics.newscred.com https://pixel.newscred.com https://t.newscred.com https://img04.en25.com *.eloqua.com https://s754241824.t.eloqua.com https://view.ceros.com; report-uri https://axaxl.com/cspviolation; report-to https://axaxl.com/cspviolation 2 script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: blob: https:; font-src 'self' data: https:; connect-src 'self' wss: https:; object-src 'self'; child-src blob:; frame-src 'self' https:; worker-src blob:; frame-ancestors 'none'; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 2 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.fontawesome.com fonts.gstatic.com fonts.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ pay.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-ancestors 'self'; report-uri https://www.goldcoastbulletin.com.au/csp-reports 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.jsdelivr.net bam.nr-data.net *.gstatic.com l.evidon.com *.googleapis.com www.googletagmanager.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkoutshopper-test.adyen.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/sdk/4.7.2/adyen.js https://checkoutshopper-test.adyen.com/checkoutshopper/v1/analytics/log https://checkoutshopper-live.adyen.com/ https://www.paypal.com/ https://www.espares.co.uk/ https://www.espares.ie/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtm.js https://bat.bing.com/ https://ajax.aspnetcdn.com/ https://assets.empathybroker.com/ https://widget.trustpilot.com/bootstrap/ https://www.dwin1.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://www.googlecommerce.com/trustedstores/api/js https://*.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/ouibounce/ https://www.google.com https://apis.google.com/ https://spareparts.whoson.com https://webchat.mitel.io/ https://www.googleadservices.com/pagead/ https://app.yieldify.com/yieldify/ https://td.yieldify.com/yieldify/ https://googleads.g.doubleclick.net https://platform.twitter.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://connectdistribution.whoson.com/ https://webchat.mitel.io/ https://tag.perfectaudience.com/serve/ https://www.zenaps.com/ https://tracker.marinsm.com/ https://www.awin1.com/ https://tpc.googlesyndication.com/ wss://am.freshrelevance.com/ https://tracker.departapp.com/ https://cdn-ads.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://imasdk.googleapis.com/ https://adservice.google.com/ https://api.microsofttranslator.com/ https://www.microsofttranslator.com/ https://translate.googleapis.com/ https://tagmanager.google.com/ https://tagmanager.google.com/debug https://tagmanager.google.com/debug/api/vtinfo https://tagmanager.google.com/debug/debuguiApp-bundle.js https://orbitvu.co/ https://cdn.orbitvu.co https://ui.powerreviews.com/ https://display.powerreviews.com/ https://static.powerreviews.com/ https://writeservices.powerreviews.com/; style-src 'self' 'unsafe-inline' *; 2 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.wistia.com *.wistia.net *.listenloop.com *.company-target.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com *.doubleclick.net *.driftt.com *.techtarget.com *.driftqa.com *.pingdom.net *.swiftypecdn.com *.swiftype.com *.abtasty.com *.cookielaw.org *.hotjar.com *.hotjar.io *.nr-data.net *.marketo.com *.twitter.com *.soundcloud.com *.youtube.com *.akamaihd.net *.bing.com *.clarity.ms app.hushly.com hubfront.hushly.com cdn.bizible.com *.acquia.com *.bugsnag.com *.acquia.io *.demandbase.com *.pingidentity.com; font-src * data:; frame-src 'self' static.addtoany.com *.lift.acquia.com *.acquia.io s.company-target.com go.forgerock.com fast.wistia.net; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.forgerock.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.mktoresp.com cdn.bizible.com *.googleadservices.com *.twitter.com *.ads-twitter.com *.licdn.com *.engagio.com *.listenloop.com *.demandbase.com *.driftt.com *.facebook.net *.adroll.com *.adroll.mgr.consensu.org *.newrelic.com *.hotjar.com googleads.g.doubleclick.net https://dn1f1hmdujj40.cloudfront.net *.swiftypecdn.com geoip-js.com *.pingdom.net *.abtasty.com *.techtarget.com *.cookielaw.org *.nr-data.net *.marketo.com *.marketo.net *.twimg.com app.hushly.com hubfront.hushly.com *.jquery.com *.onetrust.com *.maxmind.com s3.amazonaws.com *.bugsnag.com *.wistia.net *.bing.com *.clarity.ms www.forgerock.com *.lift.acquia.com *.acquia.io http://www.forgerock.com blob: *.adoberesources.net *.pingidentity.com cdn.jsdelivr.net https://fast.wistia.com https://fast.wistia.net https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.forgerock.com *.googleapis.com *.cloudflare.com *.swiftypecdn.com *.driftt.com *.marketo.com *.wistia.com *.wistia.net *.twitter.com *.twimg.com app.hushly.com hubfront.hushly.com *.typekit.net *.pingidentity.com; report-uri https://forgerock.report-uri.com/r/t/csp/reportOnly 2 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/f2 2 default-src 'self' 'unsafe-eval' 'unsafe-inline' essentialed.com *.essentialed.com passged.com *.passged.com d2lpurk2qe2oc.cloudfront.net d3ebkza70oew6x.cloudfront.net dpg0n9q1lsnov.cloudfront.net d37nqy2yusfq54.cloudfront.net d2pfk5on3dtp5q.cloudfront.net js-agent.newrelic.com bam.nr-data.net *.typekit.net *.google.com *.google.ca *.google.com.mx *.google.co.uk *.google.de *.googletagmanager.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.wistia.com *.wistia.net *.litix.io *.credly.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hs-analytics.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hscollectedforms.net *.plyr.io *.crazyegg.com *.hotjar.com analytics.tiktok.com *.bing.com hiset.org *.clarity.ms *.jquery.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.paypal.com *.paypalobjects.com js.stripe.com *.facebook.com *.facebook.net widget.trustpilot.com *.wisernotify.com *.wisermapp.com wnreports.azurewebsites.net data: ws: wss: about: blob:; frame-ancestors 'self' essentialed.com *.essentialed.com passged.com *.passged.com; report-to csp-endpoint 2 report-to default; frame-src 'self' *.recaptcha.net *.olark.com; font-src 'self' data: *.olark.com; script-src 'self' 'unsafe-inline' *.true.nl *.googletagmanager.com *.google-analytics.com *.piwik.pro *.recaptcha.net *.gstatic.com *.bing.com *.olark.com *.youtube.com *.vimeo.com *.hotjar.com *.licdn.com *.clarity.ms *.pardot.com *.reddit.com *.redditstatic.com *.twitter.com *.t.co; img-src 'self' data: *.olark.com; media-src 'self' data: *.olark.com; object-src 'self'; default-src 'self' 'unsafe-inline' *.true.nl *.google-analytics.com *.piwik.pro *.olark.com *.pardot.com *.linkedin.com *.clarity.ms *.hotjar.com *.google.com *.doubleclick.net *.reddit.com *.redditstatic.com *.twitter.com *.t.co 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: game.xa2xperia.com *.facebook.net *.gstatic.com api-www.wasptha.com update.waspadfpj.com gameweb.rsgaming888.com www.onlinegames22.com lobby.gold88dragon.com www.dohan88b.net www.dohan88e.net cdn.dcloud.net.cn m.pgf-thek63.com wss://wss.waspzf.com wbgame.bd33fgabh.com *.googleapis.com play.gold88dragon.com translate.google.com www.recaptcha.net www.gwp6868.net m.pgf-thzvvo.com bpweb.wlyss.net 87h0gp2tfu.ipkdwipf.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: match.sharethrough.com cdn.trustcommander.net *.floabank.fr eu.acsbapp.com *.rubiconproject.com try.abtasty.com core.greenbureau.com cdn-eu.realytics.net *.linkedin.com ariane.abtasty.com *.yahoo.net widgets.greenbureau.com *.casalemedia.com sync-criteo.ads.yieldmo.com *.dynatrace.com api.dtk.abtasty.com www.awin1.com google.com ads.avads.net dcinfos-cache.abtasty.com www.google-analytics.com *.googleapis.com www.dwin1.com gddglis.com www.google.fr statics.pushaddict.com *.adsrvr.org criteo-sync.teads.tv contextual.media.net *.licdn.com criteo-partners.tremorhub.com *.gstatic.com notifpush.com banque.banque-casino.fr secure-api.notifadz.com www.google.com *.bidswitch.net lantern.roeye.com api-v6.realytics.net matomo.floa.com ps.avads.net c.contentsquare.net *.smartadserver.com jadserve.postrelease.com *.criteo.com tag.dtk.abtasty.com *.doubleclick.net lantern.roeyecdn.com ad.360yield.com *.facebook.net github.com *.googlesyndication.com q-aeu1.contentsquare.net livechat.greenbureau.com t.contentsquare.net *.facebook.com csxd.moncoupdepouce.com topics.avads.net eu-cdn.acsbapp.com api.realytics.io eb2.3lift.com banquecasino-prod.prediggo.io *.adform.net secure-apis.notifadz.com srm.ba.contentsquare.net static.avads.net exchange.mediavine.com api-v4.realytics.net *.outbrain.com visitor.omnitagjs.com accesswidget-log-receiver.acsbapp.com ib.adnxs.com e1.emxdgt.com secure-trig.notifadz.com gjigle.com www.googletagmanager.com adservice.google.com *.criteo.net tr.cloud-media.fr agent.greenbureau.com sk.ht events.sk.ht *.taboola.com ad.yieldlab.net k-aeu1.contentsquare.net uploads.greenbureau.com www.youtube.com i.realytics.io m.realytics.io simage2.pubmatic.com img.youtube.com nocookie.avads.net id5-sync.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src https://*.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.narvar.com *.narvar.qa script.hotjar.com fonts.googleapis.com fonts.gstatic.com *.inside-graph.com integration-cdn.toshi.co acsbapp.com shopping.qantas.com appdown.pstatic.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com www.facebook.com *.kaptcha.com bid.g.doubleclick.net ct.pinterest.com www.rsa3dsauth.co.uk www.securesuite.co.uk *.americanexpress.com 3dsecure-vrp.de 'self' 'unsafe-inline'; frame-ancestors au-tracker.inside-graph.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com *.pinterest.com *.sharethis.com *.hotjar.co vimeo.com acsbapp.com *.kaptcha.com player.smartzer.com www.google.com www.facebook.com accounts.accessibe.com dashboard.accessibe.com cestream.me 3ds.sia.eu acs2.3dsecure.no www.houzz.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://*.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.narvar.com *.narvar.qa adservice.google.com script.hotjar.com www.google.sa www.google.ca *.bing.com *.clarity.ms data:* web1.acsbapp.com integration-sandbox-cdn.toshi.co www.google.bg www.google.be www.google.co.uk www.google.nl www.gstatic.com translate.google.com idsync.rlcdn.com consent.linksynergy.com au-live.inside-graph.com bam-cell.nr-data.net integration-cdn.toshi.co bat.bing.com www.google.com.au google.com.au *.searchspring.io *.media.tumblr.com s.ytimg.com maps.googleapis.com maps.gstatic.com au-cdn.inside-graph.com www.google.co.in d3cgm8py10hi0z.cloudfront.net track.linksynergy.com *.sharethis.com *.micpn.com *.pinterest.com zimmermann.com www.google.tn www.google.com.hk www.google.com.et www.google.com.eg www.google.co.tz www.google.ci www.google.co.ke www.google.cm www.google.lk www.google.com.ng www.google.ne www.google.com.mm www.google.co.mz www.google.co.id www.google.bi www.google.com.kh www.google.co.ve www.google.cd www.google.com.gh www.google.so www.google.com.af www.google.ht www.google.com.ni www.google.la www.google.cg www.google.bf www.google.sn www.google.com.ly www.google.mg www.google.com.sb www.google.com.pg www.google.com.np sync.sharethis.com www.google.com.py www.google.ml www.google.com.sl www.google.co.ls www.google.to www.google.gm www.google.rw www.google.com.vn www.google.com.sv www.google.co.kr www.google.com.bo www.google.com.sg www.google.mw www.google.si www.google.tl www.google.sc www.google.co.zm www.google.tg www.google.com.pk 4mrr1kwk.micpn.com www.google.ge www.google.com.fj www.google.com.na www.google.td www.google.ee www.google.mk www.google.bj www.google.mn www.google.bt www.google.co.bw www.google.fi www.google.com.uy www.google.co.th www.google.com.pe www.google.cv www.google.co.zw www.google.ga www.google.by www.google.iq www.google.com.ec www.google.co.jp www.google.com.pa www.google.dz www.google.ws analytics.tiktok.com www.google.gy data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://cdn.searchspring.net/intellisuggest/is.min.js analytics.tiktok.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com *.searchspring.net *.acsbapp.com au-tracker.inside-graph.com cdn.scarabresearch.com intljs.rmtag.com *.inside-graph.co js-agent.newrelic.com *.inside-graph.com acsbapp.com tag.lexer.io *.toshi.co *.bugsnag.com *.sharethis.com script.crazyegg.com *.clarity.ms www.fullstory.com songbirdstag.cardinalcommerce.com www.gstatic.com vimeocdn.com youtube.com googletagmanager.com maps.googleapis.com fullstory.com bat.bing.com 4mrr1kwk.micpn.com s.pinimg.com tag.rmp.rakuten.com *.hotjar.com ut.rd.linksynergy.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.inside-graph.com *.searchspring.net webchat.dotdigital.com cdn.honey.io *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa au-cdn.inside-graph.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://beacon.searchspring.io/beacon analytics.tiktok.com data.stbuttons.click www.google.com.au translate.googleapis.com *.searchspring.io *.acsbapp.co cdn.acsbapp.com au-live.inside-graph.com bam.nr-data.net uat.tryzens-analytics.com:12280 *.scarabresearch.com wss://au-live.inside-graph.com *.bugsnag.com *.postcodeanywhere.co.uk *.sharethis.com script.crazyegg.com stats.g.doubleclick.net *.pinterest.com track.lexer.io www.tryzens-analytics.com:12280 www.google.co.ke www.google.bi pagestates-tracking.crazyegg.com www.google.com.sl www.google.co.ao www.google.cm www.google.com.np www.google.cd www.google.co.ve www.google.lk www.google.co.tz www.google.com.ng www.google.so www.google.ne www.google.co.id www.google.co.ls www.google.tn assets-tracking.crazyegg.com www.google.ht www.google.co.mz acsbapp.com www.google.com.co cp.crwdcntrl.net www.google.ci tracking.crazyegg.com www.google.co.za www.google.tl www.google.com.pk www.google.com.sv www.google.com.ly www.google.mg www.google.tg www.google.gm www.google.com.eg www.google.co.kr www.google.bf www.google.sn www.google.ga www.google.bj ad.doubleclick.net www.google.cg www.google.com.ar www.google.co.ma www.google.com.et www.google.fr www.google.com.na www.google.co.uk www.google.nl www.google.ml www.google.rw www.google.com.uy www.google.com.bo www.google.com.ni www.google.ki www.google.ee www.google.com.gt www.google.com.py www.google.com.gh www.google.com.kh www.google.com.vn www.google.ru www.google.cv www.google.com.mm www.google.co.zm www.google.vu www.google.com.ec www.google.es www.google.at bat.bing.com vc.hotjar.io www.google.de ws.hotjar.com content.hotjar.io metrics.hotjar.io www.google.ca www.tryzens-analytics.com ct.pinterest.com www.google.com.pe www.google.co.in www.google.ge 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/zmn-cspdata; report-to report-endpoint; 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: *.gstatic.com *.googleapis.com *.klarnacdn.net *.worldpay.com *.cnetcontent.com *.1worldsync.com *.designo.software *.cloudflare.com static.criteo.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure-test.worldpay.com/shopper/3ds/ddc.html *.bazaarvoice.com www.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://pay.google.com https://secure-test.worldpay.com *.bazaarvoice.com *.worldpay.com *.ometria.com *.sitescout.com *.doubleclick.net *.pixel.ad *.veinteractive.com www.facebook.com *.zenaps.com campaign.odicci.com g3d-app.com services.sdiapi.com *.addthis.com *.addtoany.com *.twitter.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.commbox.io *.klarnaservices.com *.klarna.com *.google.com *.hotjar.com *.hotjar.io *.lightwidget.com www.paypalobjects.com ometria.email display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.criteo.com *.criteo.net *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.bazaarvoice.com apps.bumpyardpro.com images.unsplash.com source.unsplash.com *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.brsrvr.com cm.everesttech.net *.ometria.com *.googleapis.com *.awin1.com *.zenaps.com *.doubleclick.net *.sitescout.com *.google.com *.pixel.ad assets.robertdyas-static.co.uk www.google.com.ua www.google.com.uk www.facebook.com robertdyasuk.twgdns.com *.klarnacdn.net *.clarity.ms *.bing.com *.assets-servd.host *.contentsquare.net apps.commbox.io *.amazonaws.com *.twimg.com *.twitter.com *.cnetcontent.com *.1worldsync.com g3d-app.com *.cloudfront.net *.ediemidnightzombies.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.feedoptimise.com cdn.feedoptimise.com *.designo.software *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net *.nr-data.net tprg.cloudflareaccess.com *.google.co.in data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://storage.googleapis.com/prshim/v1/payment-shim.js https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js *.bazaarvoice.com *.iesnare.com apps.bumpyardpro.com *.brsrvr.com www.google.com *.cnetcontent.com *.worldpay.com *.ometria.com *.googleapis.com *.serving-sys.com *.doubleclick.net *.flx1.com *.veinteractive.com *.dwin1.com *.criteo.com static.cloudflareinsights.com *.criteo.net snap.licdn.com g3d-app.com *.klarnacdn.net *.klarnaservices.com *.facebook.net *.sdiapi.com *.googleoptimize.com *.taggstar.com *.commbox.io *.clarity.ms *.bing.com *.hotjar.com bam-cell.nr-data.net cdn.cookielaw.org *.contentsquare.net *.addthis.com *.addtoany.com *.addthisedge.com *.twitter.com *.twimg.com *.google.com *.1worldsync.com *.lightwidget.com *.ediemidnightzombies.com smct.co s7.addthis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.feedoptimise.com cdn.feedoptimise.com *.designo.software *.moatads.com *.superpointlesshamsters.com *.flockr.co *.webtrends-optimize.com cdn.attn.tv *.webtrends-optimize.workers.dev *.attentivemobile.com ryman-gb.attn.tv robertdyas-gb.attn.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.fontawesome.com *.bazaarvoice.com *.cnetcontent.com apps.bumpyardpro.com *.googleapis.com cdn.taggstar.com cdn.cookielaw.org *.klarnacdn.net *.commbox.io *.worldpay.com *.twitter.com *.google.com *.1worldsync.com display.ugc.bazaarvoice.com *.designo.software *.flockr.co 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com apps.bumpyardpro.com apps.commbox.io *.cnetcontent.com *.1worldsync.com *.designo.software static.criteo.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.bazaarvoice.com *.dxpapi.com api.edq.com *.ometria.com *.demdex.net *.serving-sys.com *.veinteractive.com *.sdiapi.com rum-collector-2.pingdom.net bam-cell.nr-data.net api.taggstar.com *.sciencebehindecommerce.com *.klarnaservices.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.clarity.ms *.worldpay.com pay.google.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io cdn.cookielaw.org *.contentsquare.net *.onetrust.com *.cloudhub.io *.ryman.co.uk *.robertdyas.co.uk *.londongraphics.co.uk *.1worldsync.com *.cnetcontent.com *.addthis.com *.doubleclick.net *.ediemidnightzombies.com ekr.zdassets.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com.ua bat.bing.com *.taggstar.com *.google.co.uk *.superpointlesshamsters.com *.criteo.com *.criteo.net 'self' 'unsafe-inline'; child-src *.criteo.com *.criteo.net http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.googleapis.com fonts.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com *.adyen.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com platform.cloud-iq.com.au *.facebook.com *.doubleclick.net *.bedbathntable.com.au *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com maps.googleapis.com maps.gstatic.com dev.visualwebsiteoptimizer.com *.google.com *.facebook.com *.cloud-iq.com.au *.afterpay.com *.gstatic.com *.linksynergy.com *.google.com.au *.bedbathntable.com.au bbnt-m2-image-library.s3-ap-southeast-2.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com www.googletagmanager.com *.adyen.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com applepay.cdn-apple.com dev.visualwebsiteoptimizer.com *.afterpay.com *.newrelic.com cdnjs.cloudflare.com bam-cell.nr-data.net platform.cloud-iq.com.au *.crazyegg.com *.facebook.net *.facebook.com *.rakuten.com googleads.g.doubleclick.net cdn.lr-ingest.io *.foursixty.com *.bedbathntable.com.au *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com fonts.googleapis.com unpkg.com *.foursixty.com *.bedbathntable.com.au *.cloud-iq.com.au 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.crazyegg.com googleads.g.doubleclick.net bam-cell.nr-data.net *.lr-ingest.io *.foursixty.com *.google-analytics.com *.doubleclick.net *.bedbathntable.com.au *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 script-src 'self' *.grabone.co.nz 'unsafe-inline' 'unsafe-eval' data: maps.googleapis.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com *.google.com cdn.optimizely.com static.chartbeat.com js-agent.newrelic.com *.nr-data.net www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tags.crwdcntrl.net static.criteo.net *.criteo.com *.appboycdn.com *.braze.com storage.googleapis.com cdn.polyfill.io browser-update.org www.googletagservices.com adservice.google.co.nz adservice.google.com nzme-ads.co.nz securepubads.g.doubleclick.net cdn.ampproject.org *.imrworldwide.com tpc.googlesyndication.com; style-src 'self' blob: *.grabone.co.nz 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.fontawesome.com storage.googleapis.com *.fontawesome.com *.google.com; default-src *.googlesyndication.com *.criteo.com static.criteo.net *.appboycdn.com bid.g.doubleclick.net accounts.google.co.nz blob: storage.googleapis.com popup.laybuy.com *.braze.com *.imrworldwide.com *.grabone.co.nz www.googletagservices.com data.apn.co.nz *.creativecdn.com accounts.google.com 'self' data: www.youtube.com bcp.crwdcntrl.net; img-src 'self' data: *.grabone.co.nz *.cdn.grabone.com maps.googleapis.com ping.chartbeat.net www.google-analytics.com www.googletagmanager.com *.gstatic.com *.doubleclick.net www.google.com www.google.co.nz www.google.com.au www.google.co.uk bcp.crwdcntrl.net www.facebook.com static.criteo.net *.criteo.com android-webview-video-poster: android-webview: storage.googleapis.com c.cfjump.com *.imrworldwide.com pagead2.googlesyndication.com *.cloudfunctions.net *.googleusercontent.com; media-src 'self' *.grabone.co.nz data: storage.googleapis.com c.cfjump.com; child-src 'self' *.grabone.co.nz data: data.apn.co.nz www.youtube.com blob: bcp.crwdcntrl.net *.criteo.com static.criteo.net bid.g.doubleclick.net *.creativecdn.com *.appboycdn.com *.braze.com storage.googleapis.com www.googletagservices.com *.googlesyndication.com accounts.google.co.nz accounts.google.com popup.laybuy.com *.imrworldwide.com; connect-src 'self' *.grabone.co.nz 2149140224.log.optimizely.com rum.optimizely.com www.grabonebottle.co.nz *.appboycdn.com *.braze.com *.googleapis.com *.googleadservices.com *.newrelic.com *.google-analytics.com *.chartbeat.com *.googletagmanager.com *.gstatic.com browser-update.org api.commissionfactory.com c.cfjump.com securepubads.g.doubleclick.net cdn.ampproject.org *.doubleclick.net tags.crwdcntrl.net nzme-ads.co.nz *.googletagservices.com *.google.co.nz *.google.com *.fontawesome.com *.imrworldwide.com pagead2.googlesyndication.com *.nr-data.net *.cloudfunctions.net; font-src 'self' *.grabone.co.nz fonts.gstatic.com *.fontawesome.com data: storage.googleapis.com *.fontawesome.com; report-uri https://csp-report.digital.nzme.co.nz/log/new-grabone-co-nz 2 default-src 'self'; connect-src 'self' https://*.intentmedia.net https://*.etraveligroup.net https://*.doubleclick.net https://*.adform.net https://www.google-analytics.com https://widgets.hotels.com https://bat.bing.com https://etgrs2.com https://*.akstat.io https://*.go-mpulse.net https://*.siteblindado.com https://*.qualtrics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.etraveli.com https://*.etraveligroup.com https://*.cdn-net.com https://bat.bing.com https://www.googletagmanager.com https://connect.facebook.net https://pay.google.com https://adtr.io https://*.bidr.io https://tag.yieldoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.intentmedia.net https://*.adform.net https://*.mouseflow.com https://*.nrich.ai https://*.doubleclick.net https://*.eancdn.com https://*.bidswitch.net https://green.erne.co https://*.rentalcars.com https://widget.trustpilot.com https://www.googleadservices.com https://cdn.klarna.com https://maps.googleapis.com https://widget.getyourguide.com https://widgets.hotels.com https://*.klarnacdn.net https://*.go-mpulse.net https://*.siteblindado.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' data: blob: https://widgets.hotels.com https://fonts.googleapis.com; img-src 'self' data: https://*.etraveli.com https://*.visualwebsiteoptimizer.com https://*.bidswitch.net https://*.doubleclick.net https://*.nrich.ai https://*.hybrid.ai https://*.w55c.net https://*.adsrvr.org https://*.rlcdn.com https://*.bidr.io https://*.seadform.net https://green.erne.co https://tag.yieldoptimizer.com https://dpm.demdex.net https://*.adform.net https://*.zemanta.com https://beacon.krxd.net https://sd.turn.com https://*.google-analytics.com https://maps.googleapis.com https://tag.adaraanalytics.com https://www.facebook.com https://widgets.hotels.com https://bat.bing.com https://www.google.com https://www.google.se https://maps.gstatic.com https://www.googletagmanager.com https://*.akstat.io https://*.qualtrics.com; font-src 'self' https://fonts.gstatic.com https://widgets.hotels.com; frame-ancestors 'self'; frame-src 'self' https://pay.google.com https://*.cdn-net.com https://*.cdn.intentmedia.net https://www.facebook.com https://widget.getyourguide.com https://system.etrack1.com https://widgets.hotels.com https://secure.rentalcars.com https://widget.trustpilot.com https://*.qualtrics.com; object-src 'self' https://*.cdn-net.com 2 report-uri https://gfcorporate.report-uri.com/r/d/csp/wizard ; default-src 'self' www.gfms.com gfms.com gfcorporate.report-uri.com *.google.at *.google.be *.google.cz *.google.dk *.google.fi *.google.fr *.google.de *.google.it *.google.nl *.google.no *.google.pl *.google.ro *.google.ru *.google.es *.google.se *.google.ch *.google.com.tr *.google.co.uk *.google.com.ar *.google.ca *.google.com *.google.com.br *.google.com.mx *.google.com.au *.google.cn *.google.co.in *.google.co.id *.google.co.jp *.google.com.my *.google.co.nz *.google.com.sg *.google.co.kr *.google.com.tw *.google.com.vn *.google.bg *.google.hr *.google.ee *.google.gr *.google.hu *.google.lv *.google.lu *.google.mk *.google.pt *.google.rs *.google.si *.google.com.ph *.google.co.th *.google.com.eg *.google.co.il *.google.co.za *.google.ae ; connect-src 'self' *.google-analytics.com apikeys.civiccomputing.com *.googleapis.com center.lon5.atomz.com clapi.civiccomputing.com sp1004e61f.guided.lon5.atomz.com sp1004e61a.guided.lon5.atomz.com sp1004e5dd.guided.lon5.atomz.com stats.g.doubleclick.net www.facebook.com uberall.com locator.uberall.com api.moin.ai www.gfpstools.com cdn.linkedin.oribi.io assets.georgfischer.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn.cookielaw.org *.onetrust.com ; font-src 'self' fonts.gstatic.com widget.moin.ai static-prod.uberall.com static.prod.uberall.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com ajax.googleapis.com cc.cdn.civiccomputing.com connect.facebook.net cdnjs.cloudflare.com gstatic.com maps.googleapis.com siteimproveanalytics.com snap.licdn.com static-prod.uberall.com uberall.com locator.uberall.com www.youtube.com www.pagespeed-mod.com www.googleoptimize.com mktdplp102cdn.azureedge.net www.pagespeed-mod.com widget.moin.ai platform.contentfry.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com r1.dotdigital-pages.com r1-t.trackedlink.net r1.ddlnk.net www.googleadservices.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com widget.moin.ai ; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: assets.georgfischer.com www.linkedin.com *.global.siteimproveanalytics.io nswow-imageresizer.azurewebsites.net px.ads.linkedin.com www.facebook.com *.google.com gfms.com www.gfms.com static-prod.uberall.com static.prod.uberall.com www.linkedin.com s7e5a.scene7.com *.g.doubleclick.net *.svc.dynamics.com i.ytimg.com maps.gstatic.com www.gfpstools.com locator.uberall.com *.amazonaws.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cdn.cookielaw.org *.onetrust.com ; child-src 'self' analytics-eu.clickdimensions.com live.solique.ch www.youtube.com ; form-action 'self' ; frame-ancestors 'self' ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' data: analytics-eu.clickdimensions.com google.com ir.tools.investis.com irs.tools.investis.com live.solique.ch recruitingapp-5505.de.umantis.com registration.gesevent.com six-swiss-exchange.com tools.google.com uberall.com widget.moin.ai *.svc.dynamics.com www.gfps.com ir2.flife.de www.youtube.com r1.dotdigital-pages.com display.contentfry.com googletagmanager.com youtube.com ; 2 font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com https://*.salesforce.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com https://fecdn.user1st.info/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://developer.adobe.com https://magento.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://*.giuseppezanotti.com/ https://*.web.loc/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.giuseppezanotti.com/ https://*.web.loc/ https://s3-us-west-2.amazonaws.com/ blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://*.googleapis.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://developer.adobe.com https://fecdn.user1st.info/ https://*.online-metrix.net/ https://maps.google.com https://maps.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-violation-report.php 2 object-src 'none'; script-src 'self' cdn.jsdelivr.net https://asset.mastercard.com https://assets.adobedtm.com https://cdn.cookielaw.org https://cdn.dynamicyield.com https://play.vidyard.com https://unpkg.com platform.instagram.com platform.twitter.com play.vidyard.com; script-src-attr 'self'; style-src 'self'; frame-ancestors 'self' 2 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdnjs.cloudflare.com kit.fontawesome.com apps.elfsight.com static.elfsight.com cdn.usebootstrap.com *.cloudmaestro.com www.gstatic.com www.google-analytics.com www.google.com googletagmanager.com *.googletagmanager.com *.optimizely.com stockist.co *.stockist.co; report-uri /.webscale/csp-report 2 default-src 'self' *.glginsights.com; script-src 'self' *; style-src 'self' *; img-src 'self' https://*.glginsights.com data: 2 connect-src 'self' consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com *.g.doubleclick.net *.greatag.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' fonts.gstatic.com consent.trustarc.com data:; frame-src 'self' consent-pref.trustarc.com *.greatag.com d14qt9b6zkutf5.cloudfront.net *.greatamericaninsurancegroup.com charts.aghost.net www.youtube.com; img-src 'self' consent-pref.trustarc.com consent.trustarc.com consent.truste.com data: *.g.doubleclick.net *.greatag.com img.youtube.com *.dtn.com https://*.googletagmanager.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' consent.trustarc.com *.g.doubleclick.net https://*.googletagmanager.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' *.g.doubleclick.net https://*.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; report-uri https://greatamericancrop.report-uri.com/r/t/csp/reportOnly https://www.greatag.com/CSPReporting; 2 default-src 'self' cdn.synthetix.com ssc.synthetix.com; img-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com data: *.google-analytics.com *.google.co.uk *.google.com *.facebook.com *.googletagmanager.com *.hotjar.com *.hotjar.io; font-src *.gstatic.com *.hotjar.com *.hotjar.io; frame-src *.facebook.com *.twitter.com *.hotjar.com *.hotjar.io *.google.com *.youtube.com https://wjecwebsitelive.blob.core.windows.net https://securelinks1.cmadvantage.co.uk/ https://wjec-cbac.leadfamly.com/ *.issuu.com/; object-src https://wjecwebsitelive.blob.core.windows.net; connect-src 'self' syn-document-manager.s3.amazonaws.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.hotjar.io *.google-analytics.com *.hotjar.com *.fullstory.com *.doubleclick.net wss://*.hotjar.com *.getaddress.io *.analytics.google.com; style-src 'self' 'unsafe-inline' cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com cdn.synthetix.com ssc.synthetix.com *.synthetix.com *.googletagmanager.com googleapis.com *.hotjar.com *.gstatic.com *.fullstory.com *.google-analytics.com *.aspnetcdn.com *.googleadservices.com *.facebook.net *.doubleclick.net 2 default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.fontawesome.com *.jquery.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.cqg.com *.amazonaws.com *.zdassets.com *.zopim.com *.ckeditor.com *.wistia.com api.smooch.io *.googletagmanager.com; object-src 'self'; style-src 'unsafe-inline' 'self' *.twitter.com *.jsdelivr.net *.mailchimp.com *.twimg.com *.googleapis.com *.ckeditor.com *.gstatic.com; img-src 'unsafe-inline' 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.twitter.com *.twimg.com data: *.zopim.io *.gstatic.com *.googleapis.com *.ckeditor.com *.wistia.com embedwistia-a.akamaihd.net api.smooch.io accounts.zendesk.com; media-src 'self' *.zdassets.com blob:; frame-src 'self' *.twitter.com *.youtube.com *.google.com *.cqg.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' embedwistia-a.akamaihd.net *.github.com *.gstatic.com data:; connect-src wss: 'self' www.google.co.in region1.analytics.google.com *.google.com *.google-analytics.com stats.g.doubleclick.net *.cqg.com *.zdassets.com *.zendesk.com widget-mediator.zopim.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net api.smooch.io; report-uri /report-csp-violation; upgrade-insecure-requests 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; report-uri /csp-report 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: amadeus.com *.doubleclick.net cdn.cookielaw.org *.omtrdc.net *.twitter.com *.facebook.com www.google.com.ly www.google.com.kw www.google.es www.google.com.sv www.google.co.uk www.google.com.bd *.wistia.com cdn.openshareweb.com *.demdex.net www.google.co.uz *.facebook.net www.google.com.qa www.google.com.do *.linkedin.com www.google.com.uy img06.en25.com www.google.co.th www.google.ge www.googletagmanager.com resources.digital-cloud.medallia.eu www.google.az *.everesttech.net www.google.iq *.gstatic.com www.google.rs www.google.com.mx *.googleadservices.com www.google-analytics.com www.google.cm maxcdn.bootstrapcdn.com t.co www.google.com.pe www.google.tn www.google.hn www.google.com.br *.eloqua.com www.google.co.id www.google.de www.google.fr www.google.cl www.google.com.eg www.google.co.ao www.google.fi wss://collection.decibelinsight.net geoip-js.com www.google.hu www.google.lu www.shareaholic.net img.youtube.com www.google.com.pk www.google.com.ng www.youtube.com www.google.pl www.google.co.cr www.google.co.in www.google.co.jp www.google.com www.google.kz apps.shareaholic.com www.google.cz *.onetrust.com www.google.lk www.google.ca www.google.com.lb www.google.com.au www.google.mu www.google.ci www.google.bg www.google.jo www.google.ae www.google.com.bo www.google.no tags.tiqcdn.com www.google.am analytics.shareaholic.com www.google.com.gh www.google.co.ma www.google.co.ke www.google.com.tr www.google.co.ug js.maxmind.com www.google.com.sg www.google.ch collection.decibelinsight.net www.google.co.za *.googleapis.com www.google.it www.google.al www.google.hr www.google.dz cdnjs.cloudflare.com adservice.google.com www.google.com.ec ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com 'unsafe-inline' data: *.channelsight.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com *.facebook.com *.snapchat.com *.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com s.amazon-adsystem.com *.facebook.com *.doubleclick.net insight.adsrvr.org *.filestackapi.com *.addthis.com flexfaceoffsweeps.azurewebsites.net match.adsrvr.org viewinyourspace.com *.viewinyourspace.com *.myepigraph.com playcanv.as *.snapchat.com *.clinch.co *.pinterest.com https://recaptcha.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.bird.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.bazaarvoice.com *.google.com *.taboola.com *.facebook.com *.facebook.net *.hubspot.com *.hsforms.com r.turn.com *.adnxs.com pixel.mediaiqdigital.com *.gravatar.com *.channelsight.com cscoreproweustor.blob.core.windows.net *.skil.com *.gstatic.com *.googleapis.com *.doubleclick.net *.seeitinyourspace.com *.pinterest.com *.nextdoor.com *.reddit.com insight.adsrvr.org *.ispot.tv egopowerplus.com *.egopowerplus.com egopowerplus.com.au *.flexpowertools.com pixel.roymorgan.com *.myepigraph.com *.intentiq.com edge.curalate.com *.linkedin.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com *.filestackapi.com *.facebook.net *.crazyegg.com js.hs-scripts.com *.taboola.com js.adsrvr.org js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.googleapis.com geoip-js.com secure-ds.serving-sys.com *.adnxs.com bs.serving-sys.com *.addthis.com *.addthisedge.com z.moatads.com cscoreproweustor.blob.core.windows.net flexsweepstakes2022.azurewebsites.net js.monitor.azure.com edge.curalate.com ipinfo.io *.tiktok.com sc-static.net *.channelsight.com unpkg.com *.jsdelivr.net viewinyourspace.com *.viewinyourspace.com *.cookielaw.org *.addevent.com *.pinimg.com *.nextdoor.com *.crwdcntrl.com *.crwdcntrl.net mjca-yijws.global.ssl.fastly.net cdn.480app.com cdn.nmgassets.com *.clinch.co *.vimeo.com *.redditstatic.com *.snapchat.com adriano-au.avanser.com *.amazon-adsystem.com *.licdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bazaarvoice.com cscoreproweustor.blob.core.windows.net *.channelsight.com cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.bazaarvoice.com *.crazyegg.com forms.hubspot.com *.channelsight.com *.google-analytics.com *.doubleclick.net *.taboola.com secure-ds.serving-sys.com viewinyourspace.com *.viewinyourspace.com chervon-website-api.herokuapp.com chervon-website-api-dev.herokuapp.com *.jotform.com dc.services.visualstudio.com *.addthis.com edge.curalate.com geoip-js.com *.hsforms.com *.facebook.com *.tiktok.com *.snapchat.com *.cookielaw.org *.rain-staging.com *.seeitinyourspace.com *.gstatic.com blob: *.googleapis.com *.pinterest.com cdn.nmgassets.com jdl.nmgplatform.com colrep.sitelabweb.com *.google.com lm.serving-sys.com us-central1-epigraph-product-configurator.cloudfunctions.net *.intentiq.com *.flexpowertools.com *.skil.com *.egopowerplus.com *.linkedin.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googleapis.com googleapis.com *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.cz sharp.cz *.sharp.eu sharp.eu *.sharpmarketing.eu imgs.aws.sharp.eu *.actonsoftware.com cdn.cookielaw.org stats.g.doubleclick.net bam.nr-data.net; script-src 'self' 'unsafe-inline' *.actonservice.com actonservice.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com googleapis.com *.googleapis.com *.youtube.com youtube.com bam.nr-data.net js-agent.newrelic.com cdn.cookielaw.org *.sharpmarketing.eu *.gstatic.com *.hotjar.com snap.licdn.com bat.bing.com; style-src 'self' 'unsafe-inline' *.sharpmarketing.eu; img-src 'self' data: *.cookielaw.org cookielaw.org *.google.ca google.ca *.google.co.in google.co.in *.google.ro google.ro *.google.co.jp google.co.jp *.gogle.co.id google.co.id *.google.co.th google.co.th *.google.ae google.ae *.google.co.nz google.co.nz *.google.com google.com *.google.de google.de *.google.at google.at *.google.be google.be *.google.fi google.fi *.google.no google.no *.google.ru google.ru *.google.se google.se *.google.co.uk google.co.uk *.google.nl google.nl *.google.fr google.fr *.google.pl google.pl *.google.es google.es *.google.it google.it *.google.ch google.ch *.google.dk google.dk *.google.lt google.it *.google.cz google.cz imgs.aws.sharp.eu i.ytimg.com d35hoao4dw4qk2.cloudfront.net www.google-analytics.com *.sharpmarketing.eu *.actonsoftware.com px.ads.linkedin.com bat.bing.com px4.ads.linkedin.com www.google.co.za www.google.bg googleads.g.doubleclick.net www.google.gr; frame-src *; frame-ancestors 'self' *.sharp.de sharp.de *.sharp.at sharp.at *.sharp.be sharp.be *.sharp.fi sharp.fi *.sharp.no sharp.no *.sharp.ru sharp.ru *.sharp.sk sharp.sk *.sharp.se sharp.se *.sharp.co.uk sharp.co.uk *.sharp.nl sharp.nl *.sharp.fr sharp.fr *.sharp.pl sharp.pl *.sharp.es sharp.es *.sharp.it sharp.it *.sharp.ch sharp.ch *.sharp.se sharp.se *.sharp.dk sharp.dk *.sharp.hu sharp.hu *.sharp.lt sharp.it *.sharp.co.jp sharp.co.jp *.sharp.cz sharp.cz *.sharp.eu sharp.eu; child-src *; font-src 'self' data:; connect-src 'self' *.google-analytics.com google-analytics.com cdn.linkedin.oribi.io bam.nr-data.net cdn.cookielaw.org stats.g.doubleclick.net privacyportal-eu.onetrust.com *.sharpmarketing.eu *.hotjar.com vc.hotjar.io bat.bing.com; report-uri https://apps.sharp.eu/sharp/apps/eu/csp-violation/report.php; upgrade-insecure-requests 2 script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com player.vimeo.com www.youtube.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 2 default-src 'self' https://api.certspotter.com https://web.api.sslmate.com data: blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; report-uri https://web.api.sslmate.com/csp-report 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com *.alothemes.com *.magepow.com 'unsafe-inline' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.nosto.com *.nos.to *.facebook.com *.hsforms.net *.hsforms.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.fetchify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.nosto.com *.nos.to *.kaptcha.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.google.co.uk *.windows.net *.hsforms.net *.hsforms.com *.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.cardinalcommerce.com *.braintreegateway.com *.klevu.com *.ksearchnet.com *.newrelic.com *.nr-data.net *.yotpo.com *.hsforms.net *.hsforms.com *.googleapis.com *.webgains.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.klarnacdn.net unsafe-inline *.fontawesome.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.typekit.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.alothemes.com *.magepow.com *.nosto.com *.nos.to *.nr-data.net *.doubleclick.net *.hsforms.net *.hsforms.com *.webgains.io *.hub-box.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com *.gstatic.com *.googleapis.com www.google.com *.hotjar.com www.google-analytics.com www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src https://*.gstatic.com fonts.gstatic.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com https://*.klarnacdn.net *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.xtento.com https://*.hokodo.co https://photos.pixlee.co https://photos.pixlee.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.xtento.com cdn.xtento.com https://site-assets.afterpay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com flagpedia.net https://register.feefo.com https://api.feefo.com https://s3-eu-west-1.amazonaws.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.xtento.com cdn.xtento.com https://js.afterpay.com https://cdn.segment.com https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://cdn-ukwest.onetrust.com *.klevu.com *.ksearchnet.com *.gstatic.com maps.googleapis.com https://*.feefo.com/ https://euwa.puzzel.com pixlee.com *.pixlee.com *.pixlee.co https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com https://*.klarnacdn.net https://static.klaviyo.com https://register.feefo.com https://services.postcodeanywhere.co.uk *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co https://*.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://party11141.pcapredict.com https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com https://api.feefo.com https://collect.feefo.com https://api.puzzel.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: 'self' data: blob:; script-src https: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com https://v.hvl.no; style-src https: 'self' data: 'unsafe-inline' https://v.hvl.no https://app.everviz.com https://fonts.googleapis.com; connect-src https: 'self' wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com; frame-ancestors 'self' https://hvl.instructure.com; report-uri https://hogskulenpaavestlandet.report-uri.com/r/d/csp/reportOnly; 2 report-uri https://fathom.report-uri.com/r/t/csp/wizard; default-src 'none'; form-action 'none'; object-src 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests 2 default-src https: http: data: wss://*.forter.com 'unsafe-inline' 'unsafe-eval'; connect-src https: http: wss://*.forter.com; frame-ancestors 'self' https: http: *.czs.org 172.21.2.30 www.chasepaymentechhostedpay.com object-src 'self'; img-src 'unsafe-eval' 'unsafe-inline' data: blob: *; font-src 'self' data: https: http: *.typekit.net; script-src 'unsafe-eval' 'unsafe-inline' blob: data: https: http: 'self' emarketing.activenetwork.com d8a4d633e88a.cdn0.forter.com d8a4d633e88a.cdn1.forter.com d8a4d633e88a.cdn2.forter.com d8a4d633e88a.cdn3.forter.com d8a4d633e88a.cdn4.forter.com d8a4d633e88a.cdn5.forter.com d8a4d633e88a.cdn6.forter.com d8a4d633e88a.cdn7.forter.com d8a4d633e88a.cdn8.forter.com d8a4d633e88a.cdn9.forter.com kpstat.forter.com:7043 www.google.com maps.google.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com www.gstatic.com embed.idonate.com use.typekit.net cdn-js.net cdnjs.cloudflare.com d35u1vg1q28b3w.cloudfront.net partners.cmptch.com static.cmptch.com scriptcdn.net auctioneer.50million.club m.addthis.com s7.addthis.com m.addthisedge.com lkysearchex3688-a.akamaihd.net analyticspage.tools apiurl.org appsource.cool countmake.cool fp166.digitaloptout.com eluxer.net mirextpro.com z.moatads.com secure.myshopcouponmac.com payperclickadz.com cdn.pmqzads.com qdatasales.com widget-prime.rafflecopter.com srvvtrk.com pwm-image.trendmicro.com gateway.zscloud.net; style-src 'unsafe-eval' 'unsafe-inline' 'self' accessibility-bookmarklets.org emarketing.activenetwork.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com hello.myfonts.net pwm-image.trendmicro.com; report-uri https://bzcsp.report-uri.com/r/d/csp/reportOnly 2 default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com blob: wss://*.hotjar.io blob:; report-uri https://fantastic.report-uri.com/r/d/csp/reportOnly 2 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net fonts.googleapis.com amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de cloudinary.com *.cloudinary.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net diypestcontrol.ladesk.com 1-vbus-us-tx.ladesk.com ct.pinterest.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob *.weltpixel.com *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: widgets.automizely.com widgets.automizely.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com store.paradoxlabs.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.cloudfront.net diypestcontrol.com ct.pinterest.com *.trackedlink.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net ajax.googleapis.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.vimeo.com js.hsforms.net bat.bing.com ct.pinterest.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.stamped.io *.googletagmanager.com *.signifyd.com https://imgs.cdn-btsg.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com script.hotjar.com bm-rx.atatus.com dpm.demdex.net www.dwin1.com diypestcontrol.ladesk.com cm.everesttech.net widgets.magentocommerce.com bid.g.doubleclick.net *.ftcdn.net *.behance.net fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn1.stamped.io blob 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net cdn.ampproject.org www.gstatic.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widgets.automizely.com widgets.automizely.io unsafe-inline assets.braintreegateway.com cloudinary.com *.cloudinary.com *.fontawesome.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com dpm.demdex.net assets.adobedtm.com amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com www.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com blob 'self' 'unsafe-inline'; media-src *.adobe.com cloudinary.com *.cloudinary.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com imgs.cdn-btsg.com blob 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io api.automizely.com api.automizely.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cloudinary.com *.cloudinary.com forms.hsforms.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.cloudflare.com assets.adobedtm.com a.klaviyo.com ct.pinterest.com stats.g.doubleclick.net maps.googleapis.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com imgs.cdn-btsg.com js.braintreegateway.com cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com blob https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net cdn.ampproject.org www.googleapis.com *.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com connect.facebook.net static-tracking.klaviyo.com www.gravatar.com in.hotjar.com www.facebook.com *.trackedlink.net *.cloudfront.net *.atatus.com imgs.signifyd.com cdn-scripts.signifyd.com s.pinimg.com dmc1acwvwny3.cloud static.hotjar.com cdn1.stamped.io script.hotjar.com bm-rx.atatus.com js.braintreegateway.com analytics.google.com assets.adobedtm.com dpm.demdex.net amcglobal.sc.omtrdc.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com googleads.g.doubleclick.net bid.g.doubleclick.net *.ftcdn.net *.behance.net t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io b.stats.paypal.com dub.stats.paypal.com checkout.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cloudinary.com *.cloudinary.com imgs.cdn-btsg.com blob http: https: blob: 'self' 'unsafe-inline'; default-src assets.adobedtm.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://use.typekit.net https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com https://www.facebook.com https://tpc.googlesyndication.com https://consentcdn.cookiebot.com https://assets.braintreegateway.com https://*.paypal.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.trackedlink.net https://www.google.fi https://maps.gstatic.com https://maps.googleapis.com https://log.pinterest.com https://eckerolinechatbottest.blob.core.windows.net https://fonts.gstatic.com https://assets.braintreegateway.com https://*.paypal.com https://imgsct.cookiebot.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal https://ajax.cloudflare.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://eckerolinechatbottest.blob.core.windows.net https://api.videoly.co https://www.google.fi https://www.googleadservices.com https://tpc.googlesyndication.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fast.fonts.net https://eckerolinechatbottest.blob.core.windows.net https://use.typekit.net https://p.typekit.net https://assets.braintreegateway.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://bam.nr-data.net https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://maps.googleapis.com https://fonts.gstatic.com https://vimeo.com https://consentcdn.cookiebot.com https://api.sandbox.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://*.braintree-api.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.paypal.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; child-src https://assets.braintreegateway.com https://*.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net analytics.google.com www.google.ca www.google.co.in *.clarity.ms c9rr8q7a5h.kameleoon.eu discoverflow.co www.google.com.vc static.scarabresearch.com www.google.nl na-data.kameleoon.io *.twitter.com www.googletagmanager.com recommender.scarabresearch.com *.gstatic.com *.facebook.com *.hotjar.com analytics.discoverflow.co static.katalon.com cdn.scarabresearch.com www.google.dm storerocket.io bat.bing.com www.google.com pvev5nmsdp.kameleoon.eu api.mapbox.com udc-neb.kampyle.com cdn.storerocket.io embed.binkies3d.com *.quantummetric.com statin.lat store-stats.cwpweb.cc www.google.tt ogudghp8be.kameleoon.eu adservice.google.com *.googleapis.com nebula-cdn.kampyle.com t.co vc.hotjar.io www.google.com.br 9jo4x7j80d.kameleoon.eu www2.discoverflow.co www.google-analytics.com m06p2cs2rp.kameleoon.eu www.google.com.pa lla-cms-prod.directus.app cro.movil.pa *.ads-twitter.com data.kameleoon.io www.google.co.uk kip.katalon.com ssl.google-analytics.com static.kameleoon.com www.google.gy www.google.com.co webchannel-content.eservice.emarsys.net *.facebook.net cdnjs.cloudflare.com www.google.com.jm metrics.hotjar.io www.googleoptimize.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com beacon-audiences.magento-ds.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.instagram.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com beacon-audiences.magento-ds.com fonts.googleapis.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.adobedc.net *.demdex.net beacon-audiences.magento-ds.com www.google-analytics.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 child-src 'self' tickets.papaki.com help.papaki.com support.papaki.gr accounts.google.com cdn.papaki.com payform.everypay.gr esecure.sia.eu payform-api.everypay.gr tpc.googlesyndication.com vpos.eurocommerce.gr; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; form-action 'self' vpos.eurocommerce.gr www.facebook.com eu.gateway.mastercard.com; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; font-src 'self' https:; media-src assets-eu1-cloud.deskpro.com cdn.papaki.com; object-src 'self'; style-src 'self' 'unsafe-inline' assets-eu1-cloud.deskpro.com cdn.papaki.com cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com; report-uri https://53af897d0dcebe7788bb17e0b500e3ef.report-uri.com/r/d/csp/wizard 2 default-src https: data: 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.abstractscorecard.com www.googletagmanager.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; style-src-elem 'unsafe-eval' 'unsafe-inline' www.abstractscorecard.com www.mycadmium.com abstract.cadmiumcd.com abs.gocadmium.com; report-uri /csp-violation-report-endpoint/ 2 upgrade-insecure-requests 2 img-src https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicstream.s3.amazonaws.com/CSIRESOURCES/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CSIRESOURCES/ https://higherlogicdownload.s3.amazonaws.com/CSIRESOURCES/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CSIRESOURCES/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 2 default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; report-uri content.php?action=150&module=core&handler=ContentSecurityPolicyHandler&mode=reportCspViolation; 2 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' pt www.googletagmanager.com *.dynatrace.com *.googleapis.com *.assurantsolutions.com *.optimizely.com www.google.com www.enterice.com www.google-analytics.com www.gstatic.com az416426.vo.msecnd.net ajax.aspnetcdn.com glassboxdigital.com cdn.gbqofs.com www.googleoptimize.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net cdn.quantummetric.com cdn.userway.org; connect-src 'self' *.dynatrace.com *.optimizely.com www.enterice.com www.google-analytics.com dc.services.visualstudio.com report.assurant.gbqofs.io *.googleapis.com *.inmoment.com *.asapp.com *.trustarc.com stats.g.doubleclick.net api.userway.org; img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.trustlogo.com www.enterice.com www.google-analytics.com mywirelessclaim.com *.assurantsolutions.com www.google.com www.googletagmanager.com ajax.aspnetcdn.com mobileclaimstest.azureedge.net *.trustarc.com consent.truste.com stats.g.doubleclick.net dashboard.umbraco.org fonts.gstatic.com cdn.userway.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.enterice.com maxcdn.bootstrapcdn.com ajax.aspnetcdn.com *.asapp.com www.googletagmanager.com cdn.userway.org; font-src 'self' fonts.gstatic.com *.trustarc.com cdn.userway.org; frame-src 'self' *.optimizely.com www.google.com www.surveymonkey.com *.asapp.com *.trustarc.com *.inmoment.com cdn.userway.org; worker-src blob:; report-uri /umbraco/Surface/CSPReport/SaveCSPReport; 2 font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' data: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com https://www.facebook.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.dwin1.com *.getsitecontrol.com/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://cdn.equalweb.com js.klevu.com *.ksearchnet.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.klevu.com *.ksearchnet.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net/ *.getsitecontrol.com/ https://bam.nr-data.net/ https://cdn.equalweb.com/ https://events.getsitectrl.com/ https://www.facebook.com/ https://cdn.cookielaw.org/ *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src https://cdn.checkout.com *.fontawesome.com https://instantcredit.net/ *.klarnacdn.net *.googleapis.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://instantcredit.net/ 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net https://js.checkout.com *.klarna.com https://instantcredit.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com cdn.doofinder.com *.klarna.com *.klarnaevt.com *.klarnacdn.net * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://cdn.checkout.com *.klarnacdn.net cdn.doofinder.com *.plugins.emarsys.net *.scarabresearch.com https://instantcredit.net/ https://code.jquery.com/ *.klarna.com *.klarnaservices.com * *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com *.doofinder.com https://instantcredit.net/ *.klarnacdn.net unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com https://js.checkout.com *.klarnaevt.com *.doofinder.com wss://*.doofinder.com *.scarabresearch.com *.eservice.emarsys.net https://instantcredit.net/ https://test.instantcredit.net/ *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ https://apisandbox.redeecommerce.rede.com.br/ https://apiquerysandbox.redeecommerce.rede.com.br/ https://api.redeecommerce.rede.com.br/ https://apiquery.redeecommerce.rede.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-src 'self' www.youtube.com www.google.com js.playground.klarna.com js.klarna.com https://checkoutshopper-test.adyen.com https://pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com return.4sellers.de *.webpush.freshchat.com ct.pinterest.com vercel.live *.sovendus.com *.adyen.com *.dotdigital-pages.com dotdigital-pages.com gum.criteo.com fledge.eu.criteo.com 2 font-src *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.livechatinc.com *.acsbap.com *.acsbapp.com https://acsbapp.com/apps/app/dist/fonts/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com www.googletagmanager.com www.google-analytics.com *.icims.eu www.youtube.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.livechatinc.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com vars.hotjar.com www.facebook.com www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.livechatinc.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com td.doubleclick.net pagead2.googlesyndication.com analytics.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.youtube.com validator.swagger.io *.trackedlink.net *.amplience.net fpdbs.paypal.com fpdbs.sandbox.paypal.com *.yotpo.com p.adsymptotic.com bat.bing.com www.facebook.com cdn-ukwest.onetrust.com *.livechatinc.com cookiesuksouth.blob.core.windows.net www.google.co.in px.ads.linkedin.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.wiltshirefarmfoods.com *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.postcodeanywhere.co.uk acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com https://cdn.acsbapp.com/apps/app/dist/media/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.cardinalcommerce.com geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.onetrust.com *.livechatinc.com static.hotjar.com www.gstatic.com *.stripe.com *.trustpilot.com maps.googleapis.com *.pcapredict.com snap.licdn.com connect.facebook.net bat.bing.com secure.leadforensics.com js-agent.newrelic.com script.hotjar.com ict.infinity-tracking.net cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.trustpilot.net *.bam.nr-data.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com *.dwin1.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com https://acsbapp.com/apps/app/dist/ https://acsbapp.com/apps/app/assets/js/ td.doubleclick.net pagead2.googlesyndication.com *.conoret.com https://services.postcodeanywhere.co.uk klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.postcodeanywhere.co.uk *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.ideal-postcodes.co.uk *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com maps.googleapis.com *.onetrust.com *.livechatinc.com bam.nr-data.net in.hotjar.com ict.infinity-tracking.net stats.g.doubleclick.net bat.bing.com www.youtube.com cookiepedia.co.uk www.linkedin.com www.google.co.uk www.instagram.com onlinelibrary.wiley.com www.alzheimer-europe.org *.trustpilot.com *.trustpilot.net *.apetito.integration-5ojmyuq-lhjhdamkykkd6.eu-3.magentosite.cloud *.wiltshirefarmfoods.com acsbap.com acsbapp.com *.acsbap.com *.acsbapp.com *.wikipedia.org/w/api.php https://process.acsbapp.com/apps/app/ https://cdn.acsbapp.com/resources/ https://cdn.acsbapp.com/cache/app/ https://cdn.acsbapp.com/config/ https://acsbapp.com/apps/app/assets/js/ td.doubleclick.net pagead2.googlesyndication.com https://services.postcodeanywhere.co.uk klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: dc.services.visualstudio.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src 'self'; img-src 'self' https://images.ctfassets.net; connect-src 'self' https://api.bredband2.com static.cloudflare.com https://www.bredband2.com; media-src 'self' https://images.ctfassets.net https://www.bredband2.com; prefetch-src 'self' https://www.bredband2.com/ https://api.bredband2.com; worker-src 'self' https://workers.cloudflare.com https://static.cloudflare.com; frame-ancestors 'self' https://www.bredband2.com; form-action 'self' https://api.bredband2.com https://forms.hsforms.com/; report-uri https://webhook.site/bb-csp-report-only; report-to https://webhook.site/bb-csp-report-only; 2 font-src https://cdn.checkout.com *.useinsider.com *.klarnacdn.net www.searchanise.com *.searchserverapi.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com *.useinsider.com www.searchanise.com *.searchserverapi.com *.twitter.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.trackedlink.net *.useinsider.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.attn.tv events.attentivemobile.com https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarna.com *.klarnaservices.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.googletagmanager.com *.facebook.net *.mention-me.com *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.attn.tv events.attentivemobile.com https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com widget.freshworks.com m2epro.freshdesk.com *.useinsider.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.amplitude.com stats.g.doubleclick.net *.google-analytics.com *.mention-me.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-src 'self'; base-uri 'self'; report-uri https://csp.microsoft.com/report/ESTS-UX-All 2 default-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net https://rec.i-say.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.shopmetrics.com *.gigspot.com *.research-cloud.com https://*.jsdelivr.net https://unpkg.com https://*.unpkg.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://*.search.windows.net https://cdnjs.cloudflare.com https://code.jquery.com *.facebook.net *.facebook.com *.doubleclick.net *.googletagmanager.com *.bootstrapcdn.com *.typekit.net https://rmvelocityfrontend.blob.core.windows.net; frame-src 'self' blob: *.shopmetrics.com *.gigspot.com *.research-cloud.com *.velocity.online *.youtube.com *.youtu.be; base-uri 'self'; form-action 'self' *.shopmetrics.com *.gigspot.com *.velocity.online; img-src * data: about: blob: filesystem: ma-file:; object-src 'none'; font-src 'self' data: *.shopmetrics.com *.bootstrapcdn.com *.typekit.net *.gstatic.com *.jsdelivr.net *.pstatic.net *.github.com; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; Report-To default; 2 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net 'self' data: https://fonts.yieldify-production.com/fonts/100822/e6e8821f-e1ad-4601-aaed-5b3386a4580b.otf https://*.hotjar.io https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * http://www.facebook.com/tr 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com app-wallee.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com https://odr.promo.dev/ https://*.yieldify.com https://ohws.prospective.ch/ https://tpc.googlesyndication.com/ https://*.hotjar.io https://www.mainadv.com https://ad.ad-srv.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.cloudfront.net *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net app-wallee.com d.ratepay.com maps.gstatic.com maps.google.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com http://lindt-hg65tr.your-printq.com https://*.cookiepro.com https://assets-v2.yieldify.com/images/189494/2022/4/8/55c67825-1f9d-438d-815a-43a437f03af2.png https://assets-v2.yieldify.com/images/189494/2022/4/21/54125dc1-8b51-4175-bd53-7d33e427cc41.gif https://www.lindt-spruengli.com/ https://px.ads.linkedin.com/ https://*.seznam.cz https://*.hotjar.io https://*.yieldify.com https://i.cdn.nrholding.net https://*.sendtric.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com app-wallee.com d.ratepay.com www.jsctool.com *.googleapis.com maps.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com https://static-eu.payments-amazon.com/checkout.js https://*.yieldify.com https://www.googleoptimize.com/optimize.js https://custom.yieldify.com/v1/100510/100822/3d9a49d0c2/bundle.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.adform.net https://*.seznam.cz https://analytics.tiktok.com/ https://*.hotjar.io https://*.pinimg.com https://*.daktela.com https://www.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ *.sharethis.com display.ugc.bazaarvoice.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com d.ratepay.com unsafe-inline assets.braintreegateway.com *.gstatic.com tagmanager.google.com https://*.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv d.ratepay.com www.jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com https://*.criteo.com https://*.hotjar.io https://cdn.stickyadstv.com https://*.ads.linkedin.com https://snap.licdn.com *.analytics.google.com https://*.r66net.com https://*.yieldify.com wss://*.hotjar.io https://geolocation.onetrust.com https://*.googleapis.com https://*.daktela.com https://cdn.tailwindcss.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com https://cdn.tailwindcss.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' https://litium.revolutionrace.se *.tycka.io *.cdn-sitegainer.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.google-analytics.com s.pinimg.com bat.bing.com *.facebook.net *.tiktok.com *.revolutionrace.se *.googleadservices.com sc-static.net cdn.jsdelivr.net *.cloudflare.com *.criteo.net *.criteo.com *.snapchat.com *.distancify.workers.dev ct.pinterest.com *.doubleclick.net fbcdn.revolutionrace.se wss://fbcdn.revolutionrace.se *.bambuser.com *.facebook.com *.apptus.cloud recommender.scarabresearch.com *.klarnaservices.com *.klarnauserservices.com *.klarnacdn.net *.klarna.com *.sitegainer.com *.scarabresearch.com *.emarsys.net *.symplify.com pro.ip-api.com *.pinterest.com cdn-sitegainer.com sitegainer.com wss://recording.sitegainer.com *.imedia.cz www.seznam.cz fonts.googleapis.com www.pinterest.se maxcdn.bootstrapcdn.com ajax.googleapis.com *.spinnaker-js.com *.kindlycdn.com player.vimeo.com vimeo.com *.kindly.ai ws-eu.pusher.com wss://sage.kindly.ai wss://ws-eu.pusher.com *.klarnaevt.com js.klarna.com *.adyen.com *.storyblok.com js.stripe.com fonts.gstatic.com *.revolutionrace.com *.digitaloceanspaces.com presumably-romantic-eel.edgecompute.app cust-revolutionrace.web.app www.paypal.com 'unsafe-inline' 'unsafe-eval'; img-src data: https://* 'self'; media-src https://*; connect-src *; 2 default-src * data: 'unsafe-inline'; 2 font-src maxcdn.bootstrapcdn.com *.heidelpay.com data: https://cdnjs.cloudflare.com *.gstatic.com 'self' data: https://widgets.trustedshops.com *.zopim.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.viacash.com *.sharethis.com *.sharethis.mgr.consensu.org http://getresponse-enterprise.com *.botmind.ai *.amazon-adsystem.com payment.preprod.direct.worldline-solutions.com *.modyf.fr *.usercentrics.eu *.actito.com *.fitle.com *.doubleclick.net *.criteo.com *.criteo.net *.modyf.de *.facebook.com *.googlesyndication.com *.voila.events 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com media.wuerth.com cl.avis-verifies.com *.sharethis.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.prodm2.modyf.com prodm2.modyf.com *.modyf.fr *.modyf.com *.placeholder.com *.getresponse.com *.usercentrics.eu *.bat.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.googleadservices.com *.google.com *.facebook.com *.criteo.com *.outbrain.com *.teads.tv *.sharethrough.com *.stickyadstv.com *.advertising.com *.smaato.net *.omnitagjs.com *.yieldmo.com *.tremorhub.com *.adform.net *.twiago.com *.ivitrack.com *.adnxs.com *.casalemedia.com *.taboola.com *.yahoo.com *.googletagmanager.com *.googleapis.com *.tryggehandel.no *.clarity.ms *.bing.com *.voila.events www.google.com.ua data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.target2sell.com *.barzahlen.de cl.avis-verifies.com *.heidelpay.com *.sharethis.com http://getresponse-enterprise.com *.axept.io *.botmind.io *.botmind.ai *.affilae.com *.gr-cdn.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://cdn.scalapay.com *.google.com *.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com payment.preprod.direct.worldline-solutions.com *.modyf.fr *.jquery.com *.getresponse.com *.getresponse360.pl *.fitle.com *.usercentrics.eu *.matomo.cloud *.bat.bing.com *.zopim.com *.zdassets.com *.modyf.com *.facebook.net *.criteo.com *.webleads-tracker.com *.smart-data-systems.com *.kk-resources.com *.realytics.io *.realytics.net *.cnnx.link *.doubleclick.net eqy.link *.criteo.net *.gsitrix.com *.trk42.net *.googleapis.com *.tryggehandel.no s2.adform.net *.clarity.ms *.googlesyndication.com *.voila.events live-video.net *.gr-cdn-e.eu 'self' 'unsafe-inline' 'unsafe-eval'; style-src maxcdn.bootstrapcdn.com http://getresponse-enterprise.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.modyf.fr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.target2sell.com *.heidelpay.com *.sharethis.com *.youtube.com *.axept.io *.botmind.io https://nominatim.openstreetmap.org t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site payment.preprod.direct.worldline-solutions.com *.usercentrics.eu *.getresponse.com *.fitle.com *.googlesyndication.com *.zdassets.com *.zopim.com *.google.com *.doubleclick.net *.matomo.cloud *.realytics.io *.webleads-tracker.com *.criteo.com wss://widget-mediator.zopim.com *.avis-verifies.com *.gsitrix.com *.googleapis.com *.clarity.ms maxcdn.bootstrapcdn.com *.voila.events *.gr-cdn.com *.zendesk.com *.modyf.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.klevu.com *.ksearchnet.com *.gstatic.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com tvape.com torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de *.olark.com cdn.tvape.fr *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.google.com accounts.google.com *.canadapost.ca https://sso.epost.ca *.purolator.com hubspot.com forms.hubspot.com hsforms.net forms.hsforms.com hsforms.com js.hsforms.net stonersguardian.com api.payengine.de payengine.de signin.ebay.com auth.ebay.com ebay.com www.ebay.com *.cardinalcommerce.com tvape.de *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consentcdn.cookiebot.com consentcdn.cookiebot.eu www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.meetanshi.com *.purolator.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://hosted.paysafe.com *.sendcloud.sc checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com customer-upskkbfxkf3xe5cz.cloudflarestream.com iframe.videodelivery.net static.olark.com online.fliphtml5.com r1.dotmailer-surveys.com pp.payengine.de hsforms.net forms.hsforms.com js.hsforms.net dpm.demdex.net demdex.net youtu.be youtube.com stonersguardian.com api.payengine.de payengine.de vimeo.com 20813811p.rfihub.com *.rfihub.com *.wibmo.com *.hsforms.com *.epost.ca *.paypal.com *.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net mageside.com *.canadapost.ca *.googleapis.com *.meetanshi.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com media.sezzle.com videodelivery.net customer-upskkbfxkf3xe5cz.cloudflarestream.com tvape.co.uk verify.bluecheck.me torontovaporizer.ca cdn.torontovaporizer.ca tvape.com stats.g.doubleclick.net maps.gstatic.com d3svog4tlx445w.cloudfront.net static.olark.com log.olark.com www.googletagmanager.com maps.googleapis.com js.hsforms.net hsforms.net forms.hsforms.com perf.hsforms.com forms.hubspot.com *.tvape.com demdex.net chart.googleapis.com stonersguardian.com api.payengine.de payengine.de r1-t.trackedlink.net img.onesignal.com *.cardinalcommerce.com js.klevu.com x.klarnacdn.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consent.cookiebot.com consent.cookiebot.eu widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.googleapis.com *.meetanshi.com *.purolator.com connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://hosted.paysafe.com https://api.test.paysafe.com https://api.paysafe.com https://songbirdstag.cardinalcommerce.com embed.sendcloud.sc checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com www.youtube.com cdn.jsdelivr.net embed.cloudflarestream.com embed.videodelivery.net knrpc.olark.com static.cloudflareinsights.com maps.googleapis.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net www.gstatic.com r1-t.trackedlink.net c1.rfihub.net a.rfihub.net pp.payengine.de static.olark.com assets.olark.com api.olark.com a.optnmstr.com r1.dotmailer-surveys.com g1782759016.co js.hsforms.net hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com ajax.cloudflare.com api.payengine.de payengine.de g594253005.co verify.bluecheck.me g1782759015.co.de g1782759015.co cdn.onesignal.com onesignal.com bam.nr-data.net *.cardinalcommerce.com script.crazyegg.com cdn.noibu.com cdn4.mxpnl.com *.mxpnl.com *.mantisadnetwork.com g594253006.co *.crazyegg.com *.newrelic.com *.klarnacdn.net *.clarity.ms *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline static.olark.com media.sezzle.com fonts.googleapis.com hsforms.net forms.hsforms.com dpm.demdex.net demdex.net stonersguardian.com api.payengine.de payengine.de accounts.google.com onesignal.com cdn.tvape.fr verify.bluecheck.me *.cloudflare.com cdnjs.cloudflare.com cloudflare.com js.klevu.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com tvape.co.uk torontovaporizer.ca static.olark.com cdn.torontovaporizer.ca stonersguardian.com api.payengine.de payengine.de cdn.tvape.fr *.cardinalcommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de consentcdn.cookiebot.com consentcdn.cookiebot.eu widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.google.com accounts.google.com *.google-analytics.com *.google.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://api.test.paysafe.com https://api.paysafe.com gateway.sezzle.com sandbox.gateway.sezzle.com region1.google-analytics.com *.crazyegg.com knrpc.olark.com api.omappapi.com geoip.sezzle.com media.sezzle.com *.googleapis.com stats.g.doubleclick.net developer.google.com hsforms.net forms.hsforms.com demdex.net stonersguardian.com api.payengine.de payengine.de bam.nr-data.net onesignal.com *.cardinalcommerce.com cdn.noibu.com script.crazyegg.com input.noibu.com *.noibu.com wss://input.noibu.com/pv_part verify.bluecheck.me *.bluecheck.me cdn4.mxpnl.com *.mxpnl.com api-js.mixpanel.com *.mixpanel.com *.paypal.com *.amazonaws.com *.klarnaevt.com *.clarity.ms https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://torontovaporizer.ca/; report-to report-endpoint; 2 default-src 'self' 'unsafe-inline' https:; report-uri https://reporturi.savagescape.com/report.php; report-to default 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.twitter.com *.zopim.com fonts.gstatic.com *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.intercomcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.ubteam.com *.ubteam.co.uk *.twitter.com *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.b2clogin.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.wistia.com *.wistia.net *.mercadolibre.com *.google.com *.google.mu *.twitter.com *.vimeo.com *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.brightcove.net *.authorize.net *.braintreegateway.com *.kaptcha.com *.flipsnack.com *.networkmerchants.com *.ceros.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.trackedlink.net 'self' data: *.wistia.com *.wistia.net *.mercadopago.com *.mercadolibre.com *.sagepay.co.uk *.opayo.co.uk *.magentocommerce.com *.paypalobjects.com *.ytimg.com www.xtento.com *.authorize.net *.cardinalcommerce.com *.googleadservices.com *.google-analytics.com *.twitter.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.doubleclick.net *.zopim.com https://ryanscomputers.com https://www.ryanscomputers.com *.lenovo.com *.asus.com *.samsung.com *.raxcdn.com *.wikichip.org *.scan.co.uk *.broadcastbruce.com *.akamaihd.net *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr 'self' blob: *.news18.com *.google.mu *.google.co.nz *.google.co.uk *.google.com.ua *.google.com.ph *.google.com *.klarna.com *.amazonaws.com *.rackcdn.com/ *.google.com.vn/ *.intercomcdn.com *.mcusercontent.com *.intercomassets.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.wistia.com *.wistia.net *.networkmerchants.com *.google.com *.google.mu *.mlstatic.com *.sagepay.co.uk *.sagepay.com www.google.com/recaptcha/api.js js-agent.newrelic.com https://bam.nr-data.net fonts.gstatic.com *.authorize.net *.cardinalcommerce.com *.ccdc02.com *.paypalobjects.com *.ytimg.com *.signifyd.com *.xtento.com *.getfirebug.com *.google-analytics.com *.braintreegateway.com *.zdassets.com *.zopim.com *.akamaihd.net *.googleadservices.com 'unsafe-inline' wss: 'self' data: *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.cloudflareinsights.com *.googletagmanager.com *.embed.typeform.com *.intercom.io *.intercomcdn.com *.ceros.com *.cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.getfirebug.com *.google.com *.google.mu *.networkmerchants.com *.mercadopago.com *.zdassets.com *.omtrdc.net *.zopim.com 'unsafe-inline' wss: 'self' data: *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.wistia.com *.wistia.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.networkmerchants.com *.mercadopago.com *.twitter.com *.doubleclick.net *.zdassets.com 'unsafe-inline' wss: *.google-analytics.com *.akamaihd.net *.wistia.com *.wistia.net *.litix.io *.ubteam.com *.ubteam.co.uk *.ubteam.ca *.ubteam.com.au *.ubteam.co.nz *.ubteam.eu *.ubteam.fr *.zendesk.com *.intercom.io *.cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: * http: https: blob: 'self' 'unsafe-inline'; default-src blob: * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.klarnacdn.net *.kalogirou.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.facebook.com www.facebook.com www.youtube.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com www.youtube.com *.klarna.com *.contactpigeon.com *.googlesyndication.com *.skroutz.gr *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com www.google.gr *.cookiebot.com *.google-analytics.com maps.gstatic.com *.kalogirou.com *.contactpigeon.com www.youtube.com *.sharethis.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.skroutz.gr www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' data: *.cookiebot.com *.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com *.klarnacdn.net *.klarnaservices.com *.google.gr *.taboola.com *.skroutz.gr *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.klarnacdn.net *.googlesyndication.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io maps.googleapis.com stats.g.doubleclick.net googleads.g.doubleclick.net *.cookiebot.com *.contactpigeon.com *.kalogirou.com www.youtube.com *.go-mpulse.net *.sharethis.com eu.klarnaevt.com *.klarnacdn.net *.klarnaservices.com *.taboola.com *.akstat.io *.googlesyndication.com *.skroutz.gr *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com *.googlesyndication.com 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 2 worker-src 'none'; 2 default-src 'none'; frame-ancestors 'none'; connect-src 'self' www.ntppool.org st.ntppool.org 8ll7xvh0qt1p.statuspage.io; font-src fonts.gstatic.com; form-action 'self' mailform.ntppool.org checkout.stripe.com; img-src 'self' st.ntppool.org st.pimg.net news.ntppool.org *.mapper.ntppool.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.statuspage.io st.ntppool.org st.pimg.net news.ntppool.org www.mapper.ntppool.org js.stripe.com; style-src 'self' fonts.googleapis.com st.ntppool.org st.pimg.net news.ntppool.org; report-uri https://ntppool.report-uri.com/r/t/csp/wizard 2 default-src 'self' ; style-src 'unsafe-inline' 'self'; script-src 'self' 'unsafe-eval' http://mc.yandex.ru/ https://mc.yandex.ru/ http://pagead2.googlesyndication.me/ https://pagead2.googlesyndication.me/ http://c.hit.ua http://counter.yadro.ru/ https://googleads.g.doubleclick.net/ http://vk.me https://apis.google.me https://accounts.google.me; img-src 'self' data: http://counter.yadro.ru/ http://c.hit.ua/ http://mc.yandex.ru http://vk.me/ ; connect-src https://mc.yandex.ru/ ; frame-src https://googleads.g.doubleclick.net https://apis.google.me http://vk.me https://accounts.google.me/ 2 default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 2 default-src blob: https:; img-src data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; font-src data: https:; frame-src https:; media-src data: https:; object-src 'none'; connect-src https:; frame-ancestors 'self'; 2 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.addtoany.com/ *.doubleclick.net/ *.addthis.com *.doubleclick.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kosiuko.com/ https://kosiuko.com/ *.afip.gob.ar *.cloudfront.net *.facebook.com *.metricool.com *.google.com.ar *.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addtoany.com *.cloudfront.net *.doubleclick.net *.vimeo.com https://f.vimeocdn.com *.aptrinsic.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.icommarketing.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.vimeo.com https://vimeo.com *.vimeocdn.com https://f.vimeocdn.com *.facebook.net *.facebook.com *.googletagmanager.com track-icommkt.com *.notifications-icommkt.com https://notifications-icommkt.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://biggreensmile.report-uri.io/r/default/csp/reportOnly 2 connect-src 'self' *.google.com *.googleapis.com *.google-analytics.com api.leadinfo.com collector.leadinfo.net consentcdn.cookiebot.com ct.pinterest.com api.expertise.ai metrics.hotjar.io content.hotjar.io vc.hotjar.io wss://ws.hotjar.com www.rensonevents.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com; frame-src 'self' ct.pinterest.com e.issuu.com consentcdn.cookiebot.com www.youtube.com youtube.com www.facebook.com www.google.com; img-src 'self' data: renson-co-renson-kentico-dev-cdn-wa-ep.azureedge.net renson-co-stg-kentico-website-live-cdnep.azureedge.net renson-co-prd-kentico-website-live-cdnep.azureedge.net *.renson.eu *.bynder.com imgsct.cookiebot.com *.googleapis.com *.google-analytics.com *.google.com www.googletagmanager.com *.gstatic.com img.youtube.com i.ytimg.com cdnjs.cloudflare.com chatsimple-widget.s3.us-east-2.amazonaws.com connect.facebook.net www.facebook.com ct.pinterest.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.gstatic.com www.google.com *.googleapis.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com www.googletagmanager.com *.youtube.com cdn.chatsimple.ai https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/tooltipster/ chatsimple-widget.s3.us-east-2.amazonaws.com code.jquery.com constentcdn.cookiebot.com consent.cookiebot.com cdn.leadinfo.net script.hotjar.com static.hotjar.com connect.facebook.net; script-src cdn.leadinfo.net connect.facebook.net *.cookiebot.com *.googlesyndication.com www.google-analytics.com www.googleadservices.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdn.chatsimple.ai cdnjs.cloudflare.com fonts.googleapis.com stackpath.bootstrapcdn.com; report-uri https://440648cc39180e293ac22cb81bfa4281.report-uri.com/r/d/csp/wizard 2 frame-ancestors 'self';default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.com;style-src 'self' 'report-sample' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com;object-src 'none';frame-src 'self' www.google.com www.googletagmanager.com;img-src 'self' data: www.googletagmanager.com;font-src 'self' data:;connect-src 'self' region1.google-analytics.com www.googletagmanager.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self';report-uri https://eee1b62173267e184943aa9a8123112f.report-uri.com/r/d/csp/wizard; 2 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report/ 2 font-src *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.sooqr.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.sooqr.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.fontawesome.com *.sooqr.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src ctiapi.com s3.amazonaws.com *.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com ctiapi.com *.hestage.com *.ecklers.com *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.doubleclick.net *.clarity.ms *.vantivprelive.com *.google.com *.listrak.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com ctiapi.com s3.amazonaws.com youtube.com *.ecklers.com *.gfycat.com *.imgeng.in *.cloudfront.net *.userid.io *.bing.com *.google.com *.clarity.ms *.listrakbi.com *.riskified.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.cloudfront.net *.cloudflare.com *.bc0a.com *.online-metrix.net *.vantivprelive.com *.listrak.com *.listrakbi.com *.listrakbi.net *.userid.io *.bing.com *.datasteam.io *.doubleclick.net *.upsellit.com *.clarity.ms *.murdoog.com *.dwin1.com *.needle.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.ytimg.com *.gstatic.com *.ctiapi.com *.riskified.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com ctiapi.com *.fontawesome.com *.cloudfront.net *.listrakbi.net *.listrakbi.com *.googleapis.com unsafe-inline *.gstatic.com 'self' 'unsafe-inline'; object-src ctiapi.com s3.amazonaws.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com us-autocomplete-pro.api.smartystreets.com ctiapi.com *.bc0a.com *.brontops.com *.ecklers.com *.doubleclick.net *.cloudfront.net *.listrak.com *.clarity.ms *.ecklerscorvette.com *.macsautoparts.com *.rickscamaros.com *.classicchevy.com *.demdex.net *.cardinalcommerce.com *.google.com *.google-analytics.com *.paypalobjects.com *.ctiapi.com *.riskified.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://humanelement.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 2 report-uri https://cspapi.dev.torrentflood.com/api/csp; default-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.vimeo.com *.amazonaws.com *.fema.gov *.googleapis.com *.gstatic.com *.kaspersky-labs.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com *.torrentflood.com *.trustarc.com accessdenied.pnc.com agents.floodsmart.gov analytics.google.com az416426.vo.msecnd.net cdn-forpci33.actonsoftware.com cdn.jsdelivr.net cdnjs.cloudflare.com ggpht.com google-analytics.com hartfordfloodonline.com home-c8.incontact.com marketing.torrentcorp.com maxcdn.bootstrapcdn.com mozbar.moz.com nfipdirect.com nfipdirect.fema.com nfipservices.floodsmart.gov player.vimeo.com pwm-image.trendmicro.com rum-collector-2.pingdom.net rum-static.pingdom.net selectiveflood.com ssl.google-analytics.com static3.avast.com stats.g.doubleclick.net tagmanager.google.com torrentcorp.com torrentflood.com use.fontawesome.com vortex.data.microsoft.com www.google-analytics.com www.google.com www.googletagmanager.com www.youtube.com; frame-ancestors 'self' *.torrentflood.com https://vmp.boldchat.com https://vms.boldchat.com https://*.boldchat.com https://*.torrentflood.com https://thehartford.getflood.com https://torrentflood.com https://www.hartfordfloodonline.com; 2 default-src 'self' https: mcdn.pybydl.com; font-src 'self' https: data:; img-src 'self' https: data: mcdn.pybydl.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' mcdn.pybydl.com; style-src 'self' https: 'unsafe-inline' mcdn.pybydl.com; frame-src 'self' https: http: data:; connect-src 'self' https: wss: www.luck-nine.com; report-uri /csp_reports 2 font-src *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.novaturas.lt dev-lt-novaturas.readymage.com * 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.novaturas.lt https://track.adform.net https://master.d28zlv4dg2b2g7.amplifyapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com 'self' https://localhost https://novaturas-gwe-1661146907.readymage.com https://novaturas-gwe-1661146907.readymage-media.com https://prod-lt-novaturas.readymage.com https://www.google.com https://hatscripts.github.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://s2.adform.net https://track.adform.net https://cdn.mxapis.com/service-worker.js https://svht.tradedoubler.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com 'unsafe-inline' 'unsafe-eval' *.typekit.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ 'self' https://bam.eu01.nr-data.net https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://analytics.google.com https://stats.g.doubleclick.net ws: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' https://dev-lt-novaturas.readymage.com https://stage-lt-novaturas.readymage.com https://staging.nov.indvp.com https://pim.novatours.eu https://development.nov.indvp.com https://novaturas-gwe-1661146907.readymage-media.com https://use.typekit.net https://www.googletagmanager.com https://localhost 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com www.googletagmanager.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl www.google.nl google.nl google.com bat.bing.com c.bing.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.multisafepay.com https://pay.google.com bat.bing.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl ajax.googleapis.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.multisafepay.com googleads.g.doubleclick.net stats.g.doubleclick.net pagead2.googlesyndication.com www.piercingmania.test piercingmania.test piercingmania.co.uk www.piercingmania.co.uk piercingmania.com www.piercingmania.com piercingmania.nl www.piercingmania.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.addthis.com *.doubleclick.com *.doubleclick.net *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net camo.githubusercontent.com *.trackedlink.net *.facebook.com *.metricool.com *.google.com.ar *.google.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.aptrinsic.com *.facebook.net *.facebook.com *.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.googleapis.com *.mailchimp.com *.fontawesome.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.facebook.net *.facebook.com *.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.aptrinsic.com *.newrelic.com *.demdex.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 2 default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: https:; font-src data: https:; report-uri https://kilian.report-uri.io/r/default/csp/reportOnlyi; connect-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 2 font-src *.agrialpro.fr *.lamaison.fr fonts.gstatic.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com dynamic.criteo.com api.oney.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com gum.criteo.com youtu.be facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.agrialpro.fr *.lamaison.fr maps.gstatic.com maps.google.com maps.googleapis.com cl.avis-verifies.com www.google.fr https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.google.com maps.googleapis.com *.agrialpro.fr *.lamaison.fr cdn.jsdelivr.net cl.avis-verifies.com connect.facebook.net js-agent.newrelic.com *.criteo.com bam.nr-data.net s7.addthis.com https://cdn.jsdelivr.net/npm/pwacompat@2.0.8/pwacompat.min.js https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agrialpro.fr *.lamaison.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.agrialpro.fr *.lamaison.fr stats.g.doubleclick.net bam.nr-data.net *.criteo.com maps.googleapis.com ekr.zdassets.com/ t.elasticsuite.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 worker-src blob: https:; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-inline' 'report-sample'; font-src data: https:; connect-src https: wss:; frame-src data: https:; img-src * 'self' data:; report-uri https://infakt.report-uri.com/r/d/csp/reportOnly 2 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src use.typekit.net v2.zopim.com d1azc1qln24ryf.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com www.tinyme.com.au www.tinyme.sg bat.bing.com ct.pinterest.com www.facebook.com a.klaviyo.com assets.reviews.io www.google.com.au embed-fastly.wistia.com fast.wistia.com https://a.klaviyo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com static.zipmoney.com.au js-agent.newrelic.com bam.nr-data.net s.pinimg.com bat.bing.com connect.facebook.net v2.zopim.com widget.reviews.io static.zdassets.com fast.wistia.com static.hotjar.com script.hotjar.com widget.parcelpoint.com.au https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.typekit.net p.typekit.net widget.reviews.io d1azc1qln24ryf.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.tinyme.com.au www.tinyme.sg api.zipmoney.com.au t.zip.co ct.pinterest.com ekr.zdassets.com fast.a.klaviyo.com telemetrics.klaviyo.com api.reviews.io *.zopim.com bam.nr-data.net bat.bing.com stats.g.doubleclick.net distillery.wistia.com embed-fastly.wistia.com pipedream.wistia.com in.hotjar.com embedwistia-a.akamaihd.net api-cache.reviews.co.uk https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src www.tinyme.com.au www.tinyme.sg 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.weprovide.shop https://script.hotjar.com https://unpkg.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com landofcoder.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weprovide.shop https://dtm.cando.eu https://vars.hotjar.com https://ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net 'self' data: https://www.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.buckaroo.nl cdn.flbx.io *.cloudfront.net 'self' blob: data http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.weprovide.shop https://maps.google.com https://maps.googleapis.com https://mailing.deli-home.nl *.clarity.ms *.omappapi.com https://ct.pinterest.com https://skantrae.com https://cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.getflowbox.com landofcoder.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.weprovide.shop https://cdnjs.cloudflare.com https://code.jquery.com https://optanon.blob.core.windows.net https://geolocation.onetrust.com *.omappapi.com https://bam.nr-data.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://js-agent.newrelic.com https://s.pinimg.com https://script.hotjar.com https://static.hotjar.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.weprovide.shop https://optanon.blob.core.windows.net https://a.omappapi.com https://cdn.cookielaw.org https://p.typekit.net https://skantrae.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.getflowbox.com *.googleapis.com landofcoder.com maps.googleapis.com chart.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.weprovide.shop https://data.deurtotaalmarkt.nl https://data.cando.eu https://bam.nr-data.net *.clarity.ms *.omappapi.com https://ct.pinterest.com https://sp.spheremall.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com https://ws21.hotjar.com wss://ws21.hotjar.com https://cdn.cookielaw.org https://geolocation.onetrust.com gethatch.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self' 2 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.livechatinc.com https://td.doubleclick.net data: 'self' 'unsafe-inline'; form-action www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.packeta.com secure.payu.com merch-prod.snd.payu.com *.weltpixel.com *.livechatinc.com https://consentcdn.cookiebot.com/ *.doubleclick.net api.ratingcaptain.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.payu.com *.hsforms.net *.hsforms.com 'self' data: *.gstatic.com *.facebook.com https://www.google.pl *.bing.com *.seznam.cz *.clarity.ms *.pricemania.sk https://imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com s7.addthis.com *.avada.io *.packeta.com secure.payu.com secure.snd.payu.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.livechatinc.com *.bing.com *.seznam.cz *.clarity.ms https://pixel.biano.cz https://consent.cookiebot.com *.biano.sk *.biano.cz *.biano.ro https://consentcdn.cookiebot.com https://api.ratingcaptain.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com tagmanager.google.com *.pricemania.sk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.packeta.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.facebook.net *.clarity.ms *.bing.com http://www.google-analytics.com *.livechatinc.com *.googlesyndication.com *.biano.cz *.biano.sk *.google.com *.analytics.google.com *.biano.ro https://consentcdn.cookiebot.com googleads.g.doubleclick.net api.ratingcaptain.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 font-src fonts.gstatic.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com portal.bulkgate.com *.wayforpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.facebook.com *.doubleclick.net portal.bulkgate.com *.binotel.com lottie.host ipinfo.io *.wayforpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.google.com.ua *.facebook.com *.gstatic.com *.googleapis.com *.rawgit.com *.jsdelivr.net portal.bulkgate.com *.binotel.com *.binotel.ua data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.facebook.net *.hotjar.com *.hotjar.io *.google.com *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com *.binotel.com ipinfo.io *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com *.binotel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net cdn.ampproject.org *.doubleclick.net *.hotjar.io *.googleapis.com *.esputnik.com esputnik.com portal.bulkgate.com *.gstatic.com *.binotel.com wss://*.binotel.com:9028 ipinfo.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://xl86pc2ky3.execute-api.eu-central-1.amazonaws.com/prod/icorecspupload 2 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.typekit.net data: 'self' 'unsafe-inline'; form-action *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com/ *.doubleclick.net *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud facebook.com youtube.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com https://consentcdn.cookiebot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com player.vimeo.com *.adobedtm.com *.googleapis.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud facebook.net adobedtm.com adobe.com googleapis.com pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.typekit.net *.optimonk.com *.pinterest.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.google-analytics.com *.facebook.net *.google.com *.pinterest.com/ *.gorgias.chat *.gorgias.io *.hotjar.com *.pinimg.com *.tiktok.com *.polyfill.io *.profitmetrics.io *.clarity.ms *.amplitude.com *.google.hu *.google.ie *.google.sk *.google.ro *.google.co.in *.doubleclick.net *.cookiebot.com *.optimonk.com *.luigisbox.com *.diego.itg.cloud pinterest.com/ gorgias.chat gorgias.io hotjar.com pinimg.com tiktok.com polyfill.io profitmetrics.io clarity.ms amplitude.com google.com google.hu google.ie google.sk google.ro google.co.in doubleclick.net cookiebot.com optimonk.com luigisbox.com diego.itg.cloud www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 frame-src 'self' td.doubleclick.net youtube.com *.youtube.com; report-uri /infra/monitoring/csp 2 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.retailrocket.net landofcoder.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.retailrocket.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src *.retailrocket.net landofcoder.com 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com *.retailrocket.net landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2 default-src 'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src 'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src 'self' *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com live.luigisbox.com api.luigisbox.com https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;form-action 'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src 'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src 'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors 'self' ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src 'self' ; report-uri /frontendreport/report/ 2 object-src 'none';base-uri 'self';script-src 'nonce-EmzGigVJ38co1xjLYVN4DQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-5XZaEISzCy2SL0W1dlmH/rWwRX/aEeW1WkAfRHtteak='; base-uri 'self';report-to csp-endpoint 1 base-uri 'none'; child-src *.shipt.com *.adsrvr.org *.criteo.com *.criteo.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.medallia.com *.pinterest.com *.recruitics.com *.sprinklr.com *.use1.pure.cloud *.visammg.com apps.rokt.com hooks.stripe.com js.stripe.com recaptcha.google.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com tr.snapchat.com www.youtube.com csxd.shipt.com 'self' blob:; connect-src 'self' *.bing.com *.branch.io *.citrusad.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynatrace.com *.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.kampyle.com *.medallia.com *.mouseflow.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.bugsnag.com d37hm4w715hh7d.cloudfront.net adservice.google.com analytics.tiktok.com api.rollbar.com api.segment.io api.stripe.com js.stripe.com cdn.segment.com js.stripe.com connect.facebook.net ct.pinterest.com s.yimg.com tr.snapchat.com wss://*.sprinklr.com www.facebook.com www.googletagmanager.com zapier.com https://p2blobstore.blob.core.windows.net; font-src 'self' data: *.kampyle.com *.medallia.com *.sprinklr.com *.shipt.com; form-action *.facebook.com *.shipt.com accounts.google.com appleid.apple.com ct.pinterest.com tr.snapchat.com; frame-ancestors *.shipt.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'nonce-c9a42df1af8d64b42b2d38488aa4366f' 'self' 'report-sample' *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.dstillery.com *.doubleclick.net *.googlesyndication.com *.hlserve.com *.kampyle.com *.medallia.com *.media6degrees.com *.recruitics.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.dynatrace.com adserver.pandora.com analytics-sm.com js.adsrvr.org s.pinimg.com ct.pinterest.com sc-static.net ajax.cloudflare.com analytics.tiktok.com app.contentsquare.com apps.rokt.com dhqbrvplips7x.cloudfront.net app.link connect.facebook.net cdn.branch.io cdn.mouseflow.com cdn.rollbar.com cdn.segment.com js.stripe.com maps.googleapis.com p2blobstore.blob.core.windows.net request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com t.contentsquare.net tr.snapchat.com snap.licdn.com web.btncdn.com www.google.com/recaptcha/ www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ s.yimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.kampyle.com *.medallia.com *.shipt.com; worker-src 'self' blob:; default-src 'self'; media-src 'self' *.shipt.com *.use1.pure.cloud *.sprinklr.com 1 object-src 'none';base-uri 'self';script-src 'nonce-IL0Vvd85EI6FJ3cEyP7wBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts 1 object-src 'none';base-uri 'self';script-src 'nonce-dGzFgHyMQnqDUhnz2Edlzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-Fu6BQZHI9lIev81cMzan2gbFLQJijUWL2tHnvhvYP1k=' 'sha256-B9HPo9/jX4atLVuuhcrzSKwMHW+UCXph8cK5JNCTkZM=' https://api.observablehq.com https://cdn.jsdelivr.net https://cdn.openai.com https://unpkg.com https://www.googletagmanager.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://github.githubassets.com; img-src 'self' data: https: https://cdn.openai.com https://d4mucfpksywv.cloudfront.net https://i.vimeocdn.com https://images.openai.com; font-src 'self' data: https://use.typekit.net https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' *.google-analytics.com https://region1.google-analytics.com https://cdnmd.global-cache.online https://translate.googleapis.com https://cloudflareinsights.com https://cdn.jsdelivr.net https://cdn.openai.com https://d4mucfpksywv.cloudfront.net https://gist.githubusercontent.com https://o33249.ingest.sentry.io https://openaicom-api-bdcpf8c6d2e9atf6.z01.azurefd.net https://static.observableusercontent.com https://www.google-analytics.com; media-src 'self' data: https://translate.google.com https://cdn.openai.com https://openaicomproductionae4b.blob.core.windows.net; object-src 'none'; frame-src 'self' https://vimeo.com https://openaipublic.blob.core.windows.net https://platform.twitter.com https://www.instagram.com https://m.youtube.com https://player.twitch.tv https://player.vimeo.com https://w.soundcloud.com; base-uri 'self'; manifest-src 'self'; report-uri https://oaic.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-UCDw-2929L_8JNBqKNxp2g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'report-sample' 'nonce-RaYHx0OuBcbErj1u6qyKHg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /business/_/AdsLpServingHttp/cspreport 1 object-src 'none';base-uri 'self';script-src 'nonce-TzapbNlN_Qtjxt-7SZz4kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-GrW7Y_xecvRpOPSAY4KIqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6CftNpxSWA7FV3gzkpubdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-hliGykz3i_32GBGi2mSptQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri https://www.yelp.com/csp_report_only?id=0142b0cb3a1586f2&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1711589294; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 require-trusted-types-for 'script';report-uri /_/Gstore/cspreport 1 frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-X7X6nGIJoP0B_HeXEFl7Gw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src temu: *.temu.com *.kwcdn.com wss://*.temu.com *.paypal.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleusercontent.com www.googleadservices.com www.google.cn www.google.com.hk www.google.co.uk www.google.ca www.google.com.au www.google.co.nz google.com connect.facebook.net www.facebook.com appleid.cdn-apple.com socialplugin.facebook.net *.cash.app *.forter.com www.paypalobjects.com *.braintree-api.com *.braintreegateway.com cash-f.squarecdn.com api.squareup.com api.lab.amplitude.com *.paidy.com blob: data: 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval'; report-uri /api/sec-csp/110000006/report 1 default-src 'self' https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://*.hotjar.com https://www.googleadservices.com https://mc.yandex.ru https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://yastatic.net https://vk.com https://googleads.g.doubleclick.net https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://cdn.segmentstream.com https://cdn.amplitude.com https://analytics.tiktok.com https://suggest-maps.yandex.ru; script-src-elem 'unsafe-inline' https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://analytics.tiktok.com https://cdn.segmentstream.com https://cdn.amplitude.com https://cdn.materialdesignicons.com https://suggest-maps.yandex.ru https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://www.googleadservices.com https://vk.com https://script.hotjar.com https://api-maps.yandex.ru https://yastatic.net https://static.hotjar.com; img-src data: https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.ru https://vk.com https://www.facebook.com https://www.google.com https://www.google.kz https://core-renderer-tiles.maps.yandex.net https://track.segmentstream.com https://www.google-analytics.com https://www.googletagmanager.com https://api-maps.yandex.ru https://i.ytimg.com https://www.google.ru https://www.google.no https://www.google.co.uk https://www.google.co.th; style-src 'unsafe-inline' https://kaspi.kz https://*.kaspi.kz https://*.cdn-kaspi.kz https://fonts.googleapis.com https://cdn.materialdesignicons.com; style-src-elem 'unsafe-inline' https://use.fontawesome.com https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://fonts.googleapis.com https://www.gstatic.com; connect-src https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://*.hotjar.com https://mc.yandex.com https://mc.yandex.ru https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://vk.com https://track.segmentstream.com https://*.g.doubleclick.net https://yastatic.net https://api-maps.yandex.ru https://adservice.google.com https://yandexmetrica.com:* https://insights.algolia.io wss://*.kaspi.kz wss://kaspi.kz https://*.amplitude.com https://analytics.tiktok.com https://vc.hotjar.io https://pagead2.googlesyndication.com; media-src https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz; font-src data: https://kaspi.kz https://*.kaspi.kz https://cdn-kaspi.kz https://*.cdn-kaspi.kz https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.jsdelivr.net https://yastatic.net; frame-src https://vars.hotjar.com https://bid.g.doubleclick.net https://mc.yandex.ru; object-src 'none'; report-uri https://kaspi.kz/csp-report; 1 script-src 'report-sample' 'nonce-pOdJaUDlu-1Hry83cDrclw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';worker-src 'self';report-uri /business/_/AdsLpServingHttp/cspreport 1 script-src 'nonce-FXIy0KJV8UggVNooDskmQg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 frame-ancestors 'self'; report-uri https://www.news.com.au/csp-reports 1 default-src 'self' https:; upgrade-insecure-requests; script-src 'self' 'unsafe-eval' https: 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; child-src 'self' blob: https:; manifest-src 'self'; frame-ancestors 'self' https:; worker-src 'self' https: blob:; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; base-uri 'self'; object-src 'self'; connect-src 'self' https: data:; report-uri https://typeformwww.report-uri.com/r/t/csp/reportOnly 1 script-src 'self' 'unsafe-inline' 'nonce-vg6VffKpVk6XasaEguBGqvnIDHUXbvXM' http://www.google-analytics.com https://*.uservoice.com https://dap.digitalgov.gov https://designsystem.digital.gov https://maps.googleapis.com https://standards.usa.gov https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com 'unsafe-eval' https://optimize.google.com https://gateway.foresee.com https://resources.digital-cloud-gov.voice.medallia.com https://resource.digital.voice.va.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com https://*.ytimg.com https://cdn.botframework.com 'strict-dynamic' nonce-vg6VffKpVk6XasaEguBGqvnIDHUXbvXM; img-src 'self' data: blob: https://*.gstatic.com https://api.mapbox.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.va.gov https://optimize.google.com https://gateway.foresee.com https://static.foresee.com https://cdn-prod.kampyle.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com https://ok6static.oktacdn.com https://dvp-oauth-application-directory-logos.s3-us-gov-west-1.amazonaws.com https://i.ytimg.com ; frame-ancestors 'none' ; manifest-src 'none' ; default-src 'self' ; frame-src https://dap.digitalgov.gov https://resource.digital.voice.va.gov https://www.googletagmanager.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://www.youtube.com ; child-src https://*.uservoice.com https://www.googletagmanager.com https://www.youtube.com https://optimize.google.com https://resources.digital-cloud-gov.voice.medallia.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://s3-us-gov-west-1.amazonaws.com ; connect-src 'self' http://localhost:4000 https://*.va.gov https://api.mapbox.com https://events.mapbox.com https://www.google-analytics.com https://stats.g.doubleclick.net http://*.vetsgov-internal https://secure.login.gov https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com https://prod-va-gov-maintenance-windows.s3-us-gov-west-1.amazonaws.com https://analytics.foresee.com https://brain.foresee.com https://survey.foreseeresults.com https://device.4seeresults.com https://health.foresee.com https://gateway.foresee.com https://feedback.digital-cloud-gov.voice.medallia.com https://raw.githubusercontent.com wss://northamerica.directline.botframework.com https://northamerica.directline.botframework.com https://*.speech.microsoft.com wss://*.speech.microsoft.com https://search.usa.gov https://rum.browser-intake-ddog-gov.com https://session-replay.browser-intake-ddog-gov.com ; object-src 'self' blob: ; media-src 'none' ; font-src 'self' data: https://fonts.gstatic.com https://gateway.foresee.com https://medallia.s3.amazonaws.com https://prod-va-gov-assets.s3-us-gov-west-1.amazonaws.com ; block-all-mixed-content ; form-action 'self' https://vicbdc.vba.va.gov https://vaww.vicbdc.ppd.vba.va.gov https://vicbdc.prod.va.gov/ https://secure.login.gov https://feedback.digital-cloud-gov.voice.medallia.com https://public.govdelivery.com ; base-uri http://*.vetsgov-internal https://*.va.gov https://optimize.google.com ; 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.doubleclick.net; font-src 'self' *.typekit.net; frame-src 'self' *.google.com *.marketo.com *.youtube.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com https://www.google.com/ads/ga-audiences *.marketo.com; script-src 'self' 'nonce-NBolvYpIWA+01h2KNuoxAQ==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' *.addtoany.com *.bootstrapcdn.com *.marketo.com *.github.com/flurrydev/ *.github.com/ydn/ *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yimg.com *.bootstrapcdn.com github.githubassets.com/assets/ *.marketo.com *.typekit.net; report-uri /csp-report 1 script-src 'nonce-qREWelIyCAeZPtffyW81Zw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=ba4aea40-36d6-4b17-8da4-f13664b9e610; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 object-src 'none';base-uri 'self';script-src 'nonce-0e9dHmt-Hgf7Yt7ff2rEYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors gofundme.com *.gofundme.com *.hopin.com; 1 script-src 'nonce-YnBDC7SjSMRhgePuTR6Row==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=a5d9e60a-9e39-4b1f-ad7a-43284e1fc519; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 object-src 'none';base-uri 'self';script-src 'nonce-ttulYF2eyCgtWfdhYmokSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; base-uri 'self'; font-src cdn.jsdelivr.net; frame-src 'self' cse.google.com www.google.com; img-src 'self' *.amazonaws.com www.google.com cdn.jsdelivr.net clients1.google.com www.googleapis.com *.gstatic.com pbs.twimg.com *.hypemarks.com *.tintup.com www.google-analytics.com stats.g.doubleclick.net cdn.webcomponents.ucla.edu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.youtube.com cse.google.com cdn.jsdelivr.net *.ytimg.com cdnjs.cloudflare.com www.google-analytics.com *.amazonaws.com cdn.webcomponents.ucla.edu *.gstatic.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdn.webcomponents.ucla.edu cdnjs.cloudflare.com www.google.com; connect-src 'self' weather.atmos.ucla.edu www.google-analytics.com stats.g.doubleclick.net; report-uri /csp-hotline.php 1 object-src *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1 object-src 'none';base-uri 'self';script-src 'nonce-xEpZumTrTgEDB_tzaN_C1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gWKlYdLyKpA63_qmC5FwTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-1Pr3fUY5hSPxFcPWe76ITA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=de97ea60-f89a-4616-b7d7-3e59be155483; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 block-all-mixed-content ; report-uri /csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-5wdoP5Ve8quOlWbm_pZ1UQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: 'self' data: blob:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'self' 'unsafe-inline' blob:; report-uri https://services.fandom.com/csp-logger/csp/upstream 1 object-src 'none';base-uri 'self';script-src 'nonce-E1UCDO7Rhmrvs-ZmwdnNJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-6f4afa300a614db9b634cb92a7de42a1' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com;img-src blob: data: *.douyinstatic.com *.toutiaoimg.com *.bdxiguastatic.com *.bdxiguaimg.com *.bytexservice.com *.bytednsdoc.com *.douyinpic.com *.byteeffecttos.com *.byteacctimg.com *.byteimg.com *.bytecdn.cn http: *.ixigua.com *.itoutiaoimg.com *.toutiaostatic.com s.360.cn *.bytescm.com *.byted.org pos.baidu.com www.gstatic.com jonypractic.net wx.qlogo.cn;report-to slardar-endpoint;style-src blob: 'self' pwm-image.trendmicro.com www.gstatic.com cdn.jsdelivr.net plugin.newmorehot.com *.bytedance.net lib.baomitu.com *.bdxiguastatic.com 'unsafe-inline';manifest-src *.bytednsdoc.com;frame-src wo.laiwoshop.com pwm-image.trendmicro.com a.safen100.com c.safen110.com m.youtube.com code.woqrcode.com api.xiaoduis.com *.ixigua.com cdn.hunong.xyz cha.chaweather.com cx.chacizus.com v2.maoyinews.xyz *.summer5188.com tj.shshinfo.com www.mgtv.com vip.zhanyangsh.cn; 1 default-src 'none'; script-src icq.com c.icq.com cicq.org 1l-hit.mail.ru www.google-analytics.com buddyicon.foto.mail.ru www.googletagmanager.com top-fwz1.mail.ru 'sha256-DKOsdd00IXAHc7qK64HiC18YrB2K4SfiH8Sl6A9aFyg=' 'sha256-u4WiMVZhYDdCrFwB8Zn3gLba1EI3pqIlFYWFZfXJl2I=' 'sha256-ynzJCJTMBeZF6kbmzoI2rC+vDRozRAHxsPfAruxve88=' 'sha256-j51JRkq0bwz97Hd/1wJQsIy6/aX9cz16Xyp+M8FshTA=' 'self'; style-src c.icq.com icq.com cicq.org 'self' 'unsafe-inline'; img-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com buddyicon.foto.mail.ru files.icq.com files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net swa.icq.com stats.g.doubleclick.net 'self'; media-src data: icq.com c.icq.com cicq.org api.icq.net www.google-analytics.com files.icq.com api.icq.net files.imgsmail.ru u.icq.net u.myteam.vmailru.net ub.icq.net ub.myteam.vmailru.net 'self'; font-src icq.com c.icq.com cicq.org 'self'; connect-src privacy.icq.com icq.com top-fwz1.mail.ru 'self'; report-uri /system/error 1 object-src 'none';base-uri 'self';script-src 'nonce-_x63DQKusRfkk6jSJjshLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8onAdyxJdwP1juS3DsG7Uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; base-uri 'none'; script-src 'report-sample' 'unsafe-inline' 'self' yandex.ru an.yandex.ru api-maps.yandex.ru mc.yandex.ru yastatic.net pcode.yads.tech *.maps.yandex.net; style-src 'unsafe-inline' yastatic.net; img-src 'self' data: avatars.mds.yandex.net favicon.yandex.net *.captcha.yandex.net yastatic.net *.maps.yandex.net *.yandex.ru avatars.yads.tech; media-src blob: strm.yandex.ru *.strm.yandex.net; font-src yastatic.net; connect-src 'self' blob: an.yandex.ru yandex.ru mc.yandex.ru yastatic.net log.strm.yandex.ru display.yads.tech display-logs.yads.tech; frame-src yandexadexchange.net yandex.ru an.yandex.ru; report-uri https://csp.yandex.net/csp?from=yabs-partner-ro&project=yabs&yandex_login=&platform 1 object-src 'none';base-uri 'self';script-src 'nonce-oMu_aLLKCFy1wkPaxmlxJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6dSsGfouocFp_5Ks5NEJHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-9fe7j3iMf0jJ6j8wiuQvaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-COPt-WGeAQJqEkeIfmlNPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-kH0g9f6Xp9bxVOLGcW24mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https://www.airtable.com https://airtable-marketing.herokuapp.com https://airtable.com https://static.airtable.com/ 'unsafe-inline' 'unsafe-eval' 'report-sample' https: blob:; style-src 'unsafe-inline' https:; block-all-mixed-content; object-src //pages.airtable.com; base-uri 'none'; report-uri https://airtable.com/.csp/report 1 object-src 'none';base-uri 'self';script-src 'nonce-cHq18WwRSI0yvS8MU6GvlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-O-vGvB-u47-VZOCDvNX00g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://deadline.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-j2E80EC5P8Zc6dn5YQ_Uwg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.zijieimg.com *.helo-app.com *.toutiaopage.com *.zjurl.cn *.pstatp.com *.bytecdn.cn *.isnssdk.com *.byteoversea.com *.365yg.com *.ks-cdn.com *.ipstatp.com *.amemv.com *.ibytedtos.com *.ixigua.com *.ixiguavideo.com *.hypstarcdn.com *.tiktokcdn.com *.topbuzzcdn.com *.lemocamcdn.com *.musical.ly *.muscdn.com *.ulikecam.mobi *.faceu.mobi *.wukongwenda.com *.wukongwenda.cn *.toutiao13.com *.toutiaoribao.cn *.ribaoapi.com *.dongchediapp.com *.huoshanzhibo.com *.huoshanxiaoshipin.cn *.huoshanxiaoshipin.net *.huoshanvideo.cn *.huoshanvideo.net *.ieshuodong.cn *.ieshuodong.net *.byteoversea.com *.topbuzz.com *.hypstar.com *.tiktokv.com *.byted.org *.bytedance.net *.bytedance.com *.bytedance.cn *.toutiaocloud.com *.snssdk.com *.toutiao.com *.neihanshequ.com *.wukong.com *.huoshan.com *.douyin.com *.everphoto.cn *.jinritemai.com *.tuchong.com *.stock.tuchong.com *.luckycalendar.cn *.bcy.net *.feishu.cn *.dcdapp.com *.oceanengine.com *.chengzijianzhan.com *.byteimg.com *.google-analytics.com 1 object-src 'none';base-uri 'self';script-src 'nonce-Gj6rOYA6jQGVmLMlI_ZXrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-tGRt0nwavj_aGyVkPtlOhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-iwqAgIkD3gSMV0CNxYmupg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yeDUKiMH9VKSSeCkJZZ7BA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Qva1-c5IByAyBd-pwQwJ3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-D5ot7Czi3lKNuRuHXOCnlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'unsafe-inline' 'unsafe-eval' https: blob:; object-src data: https://d1785e74lyxkqq.cloudfront.net https://h.online-metrix.net; base-uri 'none'; report-uri https://tvlk.report-uri.com/r/d/csp/reportOnly 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-wRxnSYSkQgBqR8LSeBPpmg=='; report-uri https://send.hsbrowserreports.com/csp/report; 1 object-src 'none';base-uri 'self';script-src 'nonce-3SFWYOw-ECssvIO3-JcbNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--RoyqIEj3SedM0R-3Pc6ag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-91FDH0telPCz1EPVVPaiJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-GB8ImeZZsGnvpW5mSunmlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QXUFDN1ZxyMhMKni6U43sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6psSJ1Z1X4pj5niWVbK4cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-kifLzO2F86Lovb86JI9RvQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0MkJqWxiWqnjjLFNKHH7kg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-96LBROvthehIOBz15DD16Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TJCMJNYV-ua-KrrTtf3V6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-fMHgG6RyU06kf0vd-ZBjIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ZnerAT2ICD1bDPQYZvaqLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-muAa2ObNNbaFBTHZAcXaXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2r0HW8hOArus_o01LOJ-1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XtsMEihWC2W6_t68U8lh0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Jv1-CWNVYQIWbNE7ErgrIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-VExMTZ2fEVtJsKEn__h5lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wZhe1f6QePssWkjQgIcooQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-cTB70-YHxyTl6sZgMfiaSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-s1DDZlrHhR2YnGEIyP2OHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-CB69WiI0pHVsGe69vwiITw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-YnKcVpX965Iv4JR6DtJHHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-iMgtTWGTqmwRhk1ifwPWZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XCZ0Z0n88IuKV_Il8Bvlig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-_UFYTlXUbaPuGVKCTJVESw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Kj4nKSPc4ljQrFOjFk2n-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-3awMBdJQfp2omOHrOINIuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-V5yXU_eGgaIaYF19AvZzew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-H_4psyl8dbS0_ocCPAEZ8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Nk3oo62Lc2vW8A5dmOt8fA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-1uofUDPYwayIXaPVyS-JiQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-1eojM33NryghGYEGEvhOKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-X6IxlDV608QPZ0iqjOaM3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-W4DV8s8TJlg7bS0qq27ojA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-WXV2jL6WExhBq1x7TTjBEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Rcv0i6HmJhiY9b-HqYZlHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-q52CcUUer5Y-MhX5wKySuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-sYdyEHf7TlJXXs3t6YpsKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wuFFqGxWczvmleGK3q4mew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-sVK3ExjVp5jY1SHWin0_HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-R8jyPWDSmXDDfqI8GNEmYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-eoTy0VVYB08D5mj231cMHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-eOFAaZqRPQ-N8ejGgEPlVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oxxfKv6DVLHV6ZsVeV3pcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gVyoWXJkb5Rd2nyFiEedAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0JR27q21ogLhoV7KMpBNSg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MAlMhhKpmNQzQD5h4RoS1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-jZ-itYpULKOfbK_0Q05Z_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-3-dhy8bn9J-bo9lC1unhLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-BYbLqFyYwDFvBjizEzvVaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-pF-dZdapxA910l6Vq70VIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-iLgdrfUnyUJ0p6rVuWsosQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JZH08G2uP7zkwSaclBFQlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2xKl4-c3GB-20ZE3kyRkSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-tg6-DyCydepucYxRLyckPA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-nk9c4vleKn5r-OZ7Fup-Tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QZf05vWQ4kbUSPcuG9D8dg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-KJNGDhxAfaVYzI230AnI8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-hkFFWYn_EzKejOMDlsOiHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-pR8NABXAJwjKTOmijMYcmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aHmhfRlUoj_mhzaxYDjZ_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-VYXy3KuVYltwupVL0xAbIw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mGtXU4I-tKnm-LeM0Ue6MQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-jit9JS4Uu_YaygmoGjb-Uw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-dwRoD27RKvQuWOO2l02bzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-WTE7JNE0E9qmIMQ-6TkzPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-hZOYBHLryhjM0MJ29wuXzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-UMKPRfFGKU7SBW33HdSjEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.googletagmanager.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.adobe.com fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.datatrans.com; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src *.ubs.com *.ubs.net https://players.brightcove.net; base-uri 'none'; frame-ancestors *.ubs.com *.ubs.net *.homegate.ch *.financescout24.ch *.immoscout24.ch *.acheter-louer.ch *.buy-rent.ch *.kaufen-mieten.ch *.pwj.com; form-action *.ubs.com; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net optimus.foundation https://outlook.office365.com *.omniture.com *.adobe.com *.datatrans.com; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net *.decibelinsight.net *.decibel.com *.demdex.net *.brightcove.com *.brightcove.services *.boltdns.net *.brightcovecdn.com *.googleapis.com *.akamaihd.net fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com wss://fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.google-analytics.com tt.ubs.com *.raisenow.io *.raisenow.com; img-src *.ubs.com *.ubs.net data: fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.gstatic.com *.googleapis.com *.twitter.com t.co *.facebook.com *.linkedin.com *.google.com *.google.ch *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.yahoo.co.jp *.adform.net *.akamaihd.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.raisenow.com *.google.com.au *.google.com.br *.google.ca *.google.cn *.google.fr *.google.de *.google.com.hk *.google.co.in *.google.co.id *.google.co.il *.google.it *.google.co.jp *.google.com.mx *.google.com.sa *.google.com.sg *.google.com.tw *.google.ae *.google.co.uk; report-uri /csp/reports 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/googleorg 1 object-src 'none';base-uri 'self';script-src 'nonce-VRRAtUmsa1c-eTnOsk3tfg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-4kGSD-vSketPC1CkCW3QDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'none'; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://cdn.heapanalytics.com https://distillery.wistia.com/x https://matillion.ddev.site:3000/ wss://matillion.ddev.site:3000 https://fast.wistia.com https://www.googletagmanager.com https://cdn.heapanalytics.com/js/heap-1873293713.js https://cdn.iubenda.com/cs/iubenda_cs.js https://connect.facebook.net/en_US/fbevents.js https://content.cdntwrk.com/components/website-widget/v1/118604/widget.js https://fast.wistia.com/assets/external/E-v1.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/848565924/ https://in.ml314.com/ud.ashx https://js.driftt.com/include/1688577300000/vh948h8ntehg.js https://js.intercomcdn.com/vendor-modern.255c4d36.js https://lift-ai-js.marketlinc.com/www.matillion.com/deployment.js https://ml314.com/tag.aspx https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.matillion.com/js/forms2/js/forms2.min.js https://script.hotjar.com/modules.832d10fb416834285523.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2386626.js https://static.oktopost.com/oktrk.js https://tag.demandbase.com/00a4b81bfa345e5b.min.js https://tracking.g2crowd.com/attribution_tracking/conversions/5351.js https://widget.intercom.io/widget/rjk6vrpn https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion/848565924/ https://www.googletagmanager.com/gtag/js https://www.iubenda.com/cookie-solution/confs/js/48216078.js https://www.redditstatic.com/ads/pixel.js; style-src 'self' 'unsafe-inline' https://p.typekit.net https://pages.matillion.com https://use.typekit.net; img-src 'self' data: 'self' data: https://alb.reddit.com https://analytics.twitter.com https://embed-ssl.wistia.com https://fast.wistia.com https://googleads.g.doubleclick.net https://heapanalytics.com https://id.rlcdn.com https://insight.adsrvr.org https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; connect-src 'self' https://992-uiw-731.mktoresp.com https://analytics.google.com https://api-iam.intercom.io https://api.company-target.com https://content.hotjar.io https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://google.com https://hits-i.iubenda.com https://in.hotjar.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://v2.api.uberflip.com https://visitor-scoring-c.marketlinc.com https://www.google-analytics.com https://www.google.com wss://nexus-websocket-a.intercom.io wss://ws.hotjar.com; font-src 'self' 'self' data: https://fast.wistia.com https://use.typekit.net; media-src 'self' blob:; frame-src 'self' 'self' https://12420912.fls.doubleclick.net https://js.driftt.com https://pages.matillion.com https://s.company-target.com https://www.facebook.com; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.bj cdn-staging.logrocket.io www.google.cl analytics.google.com www.google.com centinelapi.cardinalcommerce.com www.autocheck.com logrocket-cdn.eridan-company.com.ua www.googletagservices.com api.shelf.network flex.cybersource.com widget.replain.cc fonts.cdnfonts.com *.facebook.com *.copart.com *.doubleclick.net www.google.tm www.google.sk api.trongrid.io www.google.com.gt www.google.com.gh www.google.com.bz logrocket-data.eridan-company.com.ua cdnjs.cloudflare.com www.google.sn *.gstatic.com cdn.megabonus.com cdn.lr-ingest.io *.clarity.ms www.livehelpnow.net www.google.az www.google.com.do www.google.ge www.googletagmanager.com *.tiktok.com region1.analytics.google.com *.ampproject.org img.youtube.com www.google.es scaleflex.ultrafast.io www.google.kz www.google.com.ng www.google.gr app.replain.cc www.google.com.ua eridan-duplicator.com fundingchoicesmessages.google.com region1.google-analytics.com www.google.co.uk www.google.at www.google.dz www.google.com.ly www.google.kg wss://app.livehelpnow.net wss://ws.replain.cc static.zip.co www.google.dk *.googleadservices.com www.google.ru www.google.com.kh meyerweb.com cdn.jsdelivr.net adservice.google.com www.google.com.pr www.google.com.pa songbird.cardinalcommerce.com www.google.ch ilc.logisctic.com www.google.cz *.googlesyndication.com www.google.ie www.google.co.uz www.google.com.tj www.google.ae www.google.bg www.b2i.us bat.bing.com www.crashedtoys.com assets.replain.cc www.google.no www.google.hu developer.livehelpnow.net www.google.com.af www.google.by translate.yandex.net www.google-analytics.com www.google.lv www.google.com.eg www.google.ba www.google.de www.google.fi s3.amazonaws.com r.lr-intake.com www.google.iq code.jquery.com www.google.bs *.paypal.com www.bing.com mc.yandex.ru www.google.com.br kit-free.fontawesome.com www.google.com.mx c.bing.com www.google.hn www.google.com.om www.google.am www.google.nl cdn.livehelpnow.net www.google.com.ni www.google.co.in www.google.co.cr www.google.co.il www.slant.co www.google.com.sv www.google.com.ar www.google.tg www.google.se client-analytics.braintreegateway.com translate.google.com *.criteo.net autohelperbot.com www.google.al www.youtube.com www.google.com.py r.lr-ingest.io www.google.com.jm www.google.com.co geo.cardinalcommerce.com www.google.com.ph www.google.co.ve www.google.com.tr www.google.md *.cloudinary.com cdn.polyfill.io www.cashforcars.com www.google.lt www.google.com.pk www.google.com.bo www.google.ca www.google.ee *.facebook.net matching.granify.com www.google.com.lb www.google.jo www.google.ro *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com snap.licdn.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com use.typekit.net munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.googleapis.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com 1 base-uri 'self';script-src-elem 'self' https://snap.licdn.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hs-analytics.net/analytics/ https://www.googletagmanager.com/gtag/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://x.clearbitjs.com/ https://reveal.clearbit.com/ https://tag.clearbitscripts.com/ https://cdn.koala.live/ https://app.leandata.com/ https://www.datadoghq-browser-agent.com/ 'nonce-8dda50d1ff55be1c';report-uri /api/report_csp_violation;object-src 'none';form-action 'self'; 1 default-src 'self' *.yangkeduo.com *.pinduoduo.com *.pinduoduo.net *.pddpic.com *.pddugc.com 'unsafe-inline' data: blob:;script-src 'self' *.yangkeduo.com *.pinduoduo.com *.pinduoduo.net *.pddpic.com *.pddugc.com 'unsafe-eval' 'unsafe-inline';report-uri /api/sec-csp/29/report 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/chromebook 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://wwd.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' data: blob: https://067-umd-991.mktoresp.com https://accounts.google.com https://analytics.google.com https://api.amplitude.com https://bi-beta.pst.tech https://bi.pst.tech https://bifrost-https-v4.gw.postman.com https://blog.postman.com https://cdn.cookielaw.org https://cdn.metadata.io https://dl.pstmn.io https://eo2kpuahxhuvgexlueall7gqzq0fihon.lambda-url.us-east-1.on.aws https://events.gw.postman.com https://events.rm-api.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://identity.getpostman-beta.com https://identity.getpostman.com https://lp.postman.com https://munchkin.marketo.net https://pages.getpostman.com https://player.twitch.tv https://privacyportal.onetrust.com https://public.slidesharecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://manifest.webmanifest https://ms1frkqnsp7r.statuspage.io https://run.pstmn.io https://script.hotjar.com https://skills-assets.pstmn.io https://st-ar.cdn.postman.com https://static.cloudflareinsights.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://vc.hotjar.io https://voyager.postman.com https://web.postman.com https://www.googletagmanager.com https://www.slideshare.net https://snap.licdn.com https://www.google.com https://www.youtube.com https://www.postman.com https://static.ads-twitter.com https://t.co https://analytics.twitter.com https://snap.licdn.com/ https://i.ytimg.com https://platformapi.metadata.io https://dx.mountain.com https://px.mountain.com https://gs.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://52.71.121.170 https://18.210.229.244 https://44.212.189.233 https://3.212.39.155 https://52.22.50.55 https://54.156.2.105 https://bam.nr-data.net https://js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; base-uri 'self'; 1 script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://platform.twitter.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.knightlab.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.google.co.th *.googleapis.com ampcid.google.com.sg prreqcroab.icu *.income.com.sg *.tiktok.com *.evergage.com us-central1-ntuc-income-bigquery.cloudfunctions.net analytics.google.com bat.bing.com *.clarity.ms cdn.evgnet.com www.google.com.ph assets-au-01.kc-usercontent.com www.youtube.com *.omguk.com www.google.com.hk www.google.co.id alb.reddit.com *.tealiumiq.com www.google.co.in www.redditstatic.com www.google.co.jp *.facebook.com www.google.co.kr *.doubleclick.net tags.tiqcdn.com rules.quantcount.com www.google.com.sg cdn.jsdelivr.net www.google.fi api.trafficguard.ai secure.quantserve.com *.linkedin.com www.google-analytics.com www.googletagmanager.com www.dianomi.com www.google.com.tw *.facebook.net *.crazyegg.com pixel.quantserve.com s.yimg.com tgtag.io c.bing.com centinelapi.cardinalcommerce.com www.google.com.au badge.seedly.sg www.google.com.vn adservice.google.com code.jquery.com *.igodigital.com use.fontawesome.com cdnjs.cloudflare.com sp.analytics.yahoo.com assets-us-01.kc-usercontent.com *.googleadservices.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.il bat.bing.com www.google.com.sg report.artnet.glassboxdigital.io www.google.co.id tag.marinsm.com secure.adnxs.com service.urchin.com region1.google-analytics.com *.adsafeprotected.com images.artnet.com cdnjs.cloudflare.com www.google.ch *.facebook.net cdn.segment.com *.licdn.com www.google.hr www.google.it www.google-analytics.com www.artnet.com cdn-cookieyes.com *.googlesyndication.com fast.fonts.net www.google.com.ph www.google.bg challenges.cloudflare.com *.clarity.ms www.google.co.uk realtime.clinch.co ib.adnxs.com region1.analytics.google.com vc.hotjar.io *.addthis.com ak.sail-horizon.com *.serving-sys.com *.doubleclick.net www.google.be *.facebook.com www.google.com.co www.google.ru pixel-geo.prfct.co *.googleapis.com www.google.pl api.sail-track.com www.google.hu secure.quantserve.com www.google.com.pk www.googletagmanager.com *.adroll.com app.cybba.solutions www.google.com www.google.co.th www.google.lt news.artnet.com pixel.quantserve.com www.google.pt www.google.com.au www.google.ie www.google.com.vn *.cloudfront.net www.google.com.tr www.google.dk www.google.com.hk files2.cybba.solutions www.google.ae www.google.no *.hotjar.com files1.cybba.solutions api.sail-personalize.com www.google.fr www.google.cl c.bing.com *.linkedin.com www.google.com.mx www.google.sk www.googletagservices.com directory.cookieyes.com prreqcroab.icu *.googleadservices.com *.gstatic.com analytics.google.com www.google.com.eg www.google.co.nz www.google.co.za www.google.de www.google.fi www.google.com.ar www.google.co.in www.google.es www.google.com.sv www.google.nl translate.google.com www.google.com.ua adservice.google.com www.google.com.tw rules.quantcount.com cdn.gbqofs.com log.cookieyes.com www.google.com.my www.google.rs www.rtb123.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'nonce-lQuytKLUHGe2OLQMACLD7g==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=7e9d9f5a-0ce8-4e52-be95-01b894852e7b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.indiewire.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: uath9oahyf-dsn.algolia.net www.google.md cdn.blerp.com content.syndigo.com www.smythstoys.com shops-si.trustedshops.com www.google.com.tr www.youtube.com maxcdn.bootstrapcdn.com media.flixfacts.com www.google.ro www.google.ca webp-assets.flix360.io *.doubleclick.net www.google.com.hk www.google.es api.autoaddress.ie eu.klarnaevt.com www.google.pl *.gstatic.com www.usemaxserver.de www.google.com.ua www.google.com.sa region1.google-analytics.com *.googleapis.com api.trustedshops.com cookieaquila.com event.syndigo.cloud *.online-metrix.net cdnjs.cloudflare.com www.googletagmanager.com *.facebook.com v3.xbox-interactive.com availability.loadbee.com smyths.circulator.com *.youtube-nocookie.com www.google.com.br *.hotjar.com cdn.honey.io www.google.co.za www.google.co.nz www.google.com.mx media.flixcar.com www.google.com.eg sdk.woosmap.com dots.bricks.plus widgets.trustedshops.com api.trustbadge.etrusted.com recs.richrelevance.com www.google.ba www.google.de trustbadge.api.etrusted.com i.ytimg.com www.google.lu rt.flix360.com js.stripe.com www.google.se api.woosmap.com *.facebook.net www.google.co.in www.google.nl www.google.com.sg pouch-global-font-assets.s3.eu-central-1.amazonaws.com *.algolianet.com *.onetrust.com www.google.ch www.google.bg www.google.it www.recaptcha.net www.google.dk region1.analytics.google.com www.google.co.uk www.google.at www.google.si assets-jpcust.jwpsrv.com *.bazaarvoice.com www.google.je www.google.cz www.google.li webapp.woosmap.com translate.google.com static-assets.flix360.io www.google.ie www.google.be www.google.ru www.google.co.th www.slant.co www.google.pt www.google.gr image.smythstoys.com prod.flixgvid.flix360.io www.google-analytics.com webapp-conf.woosmap.com analytics.google.com code.jquery.com smyths-ce.circulator.com metrics.hotjar.io *.freshchat.com www.google.fr *.googleadservices.com run-igs.conversity.com vc.hotjar.io static.geetest.com api.geetest.com www.google.com github.com www.google.hu cdn-igs-prd.conversity.com euc-widget.freshworks.com use.typekit.net widget.mondialrelay.com rendering.loadbee.com st-filebanking.igstatic.com images.woosmap.com service.loadbee.com cdn.loadbee.com content.hotjar.io adservice.google.com storage.cloud.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors 'self' https://www.rferl.org/embed https://www.rferl.org/embed/player https://www.rferl.org/embed/player/0 https://www.rferl.org/embed/player/1 https://www.rferl.org/ext https://www.rferl.org/widget; report-uri https://csp.pangeadigital.io/cspreport 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.cookielaw.org code.jquery.com connect.facebook.net data: googleads.g.doubleclick.net js.ipredictive.com platform.instagram.com platform.twitter.com qvdt3feo.com s.yimg.com snap.licdn.com tags.srv.stackadapt.com try.abtasty.com www.googletagmanager.com www.instagram.com cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' agadata.online apis.google.com bat.bing.com cdn.cookielaw.org code.jquery.com colegiodiocesanosantaclara.imtlazarus.com:6443 connect.facebook.net data1.blamap.com get663.com googleads.g.doubleclick.net js.ipredictive.com lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org pixel.byspotify.com platform.instagram.com platform.twitter.com public.tableau.com qvdt3feo.com s.yimg.com sc-static.net snap.licdn.com tags.srv.stackadapt.com translate-pa.googleapis.com translate.google.com translate.googleapis.com try.abtasty.com www.google-analytics.com www.googletagmanager.com www.instagram.com www.nrdcapps.org www.pagespeed-mod.com www.scrible.com www.tiktok.com www.vimeo.com www.youtube.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' cdn.honey.io tags.srv.stackadapt.com www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' blob: cdn.honey.io lf16-tiktok-web.tiktokcdn-us.com nrdcapps.org sf16-website-login.neutral.ttwstatic.com tags.srv.stackadapt.com www.googletagmanager.com www.gstatic.com www.nrdcapps.org www.scrible.com cdn.jsdelivr.net fonts.googleapis.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://nrdc.report-uri.com/r/d/csp/wizard 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-4pNyvwC+SnUvoivyuG8QIQ=='; report-uri https://send.hsbrowserreports.com/csp/report; 1 base-uri 'self';script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.alibaba-inc.com *.dingtalk.com *.alicdn.com;frame-src 'self' *.alibaba-inc.com *.dingtalk.com *.alicdn.com;worker-src blob: 'self';object-src 'none';report-uri https://csp.dingtalk.com/csp; 1 script-src 'self' *.edpuzzle.com *.edpuzzle.dev 'unsafe-inline' 'unsafe-eval' latex.codecogs.com service.mtcaptcha.com service2.mtcaptcha.com *.google.com *.googleapis.com *.google-analytics.com *.youtube.com *.ytimg.com *.soundcloud.com *.zendesk.com cdnjs.cloudflare.com *.mxpnl.com *.newrelic.com *.nr-data.net d1htrclywvryi1.cloudfront.net js.stripe.com *.twitter.com *.awswaf.com *.appcues.com; style-src 'self' *.edpuzzle.com 'unsafe-inline' maxcdn.bootstrapcdn.com latex.codecogs.com d1htrclywvryi1.cloudfront.net fonts.googleapis.com *.appcues.com; report-uri /api/v3/violations/csp 1 object-src 'none';base-uri 'self';script-src 'nonce-B0mffAgC48b9-oqlnxNCCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-Jsf3TVCkE//1yd1471j6sA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=a6989e07-3fa2-41e5-9a28-4f0e5623c325; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 block-all-mixed-content; frame-ancestors 'none'; report-uri /global-cgi-bin/csp-report 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://track.buyma.com/csp/report.json 1 script-src 'nonce-jeu6Ja+gBBAComJfU6lOnQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=15d0b84f-cf61-4b15-8c8b-e232e24e1ab5; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 object-src 'none';base-uri 'self';script-src 'nonce-wfEDQo6gLMztoVlGI2-cZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; style-src 'self'; connect-src 'self'; img-src 'self'; script-src 'self' https://www.google.com/jsapi https://www.googletagmanager.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://www.gstatic.com/charts/loader.js https://www.google-analytics.com/analytics.js; font-src 'self'; base-uri 'self'; form-action 'self'; 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://www.youtube.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk https://csxd.contentsquare.net blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://tr.snapchat.com https://ct.pinterest.com https://*.matalan.co.uk https://*.contentsquare.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://analytics.tiktok.com https://horizon-api.www.matalan.co.uk https://*.qubit.com https://*.qubitproducts.com https://tr6.snapchat.com https://www.matalan.co.uk/e2/ds/relay https://horizon-api.www.matalan.co.uk/graphql https://*.ingest.sentry.io https://s1.thcdn.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://tr.snapchat.com https://checkout.matalan.co.uk https://www.matalan.co.uk; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://analytics.tiktok.com https://*.ibytedtos.com https://static.goqubit.com https://*.qubit.com https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-BCG4s1NJkwAtEVbhGQyE0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src https: 'unsafe-inline' www.autotrader.co.za https: 'unsafe-eval' www.googletagservices.com www.googletagmanager.com https://www.googleoptimize.com/ https://js.monitor.azure.com/ *.google-analytics.com https://www.youtube.com/ *.g.doubleclick.net *.google.co.za *.google.com *.googlesyndication.com https://maps.googleapis.com/ https://www.gstatic.com/ www.googleadservices.com https://static.instavid360.com/ https://connect.facebook.net/ *.adsafeprotected.com; style-src https: 'unsafe-inline' www.autotrader.co.za https://accounts.google.com https://fonts.googleapis.com https://static.instavid360.com; connect-src https: www.autotrader.co.za https: data: *.google-analytics.com https://dc.services.visualstudio.com/ *.google.co.za *.google.com *.g.doubleclick.net *.googlesyndication.com https://csi.gstatic.com/ *.ad.doubleclick.net *.googleapis.com https://static.instavid360.com/; img-src https: www.autotrader.co.za img.autotrader.co.za https: data: file: *.google-analytics.com https://www.googletagmanager.com/ *.google.co.za *.google.com *.googlesyndication.com https://static.instavid360.com/ *.g.doubleclick.net *.googleapis.com *.gstatic.com *.autotrader.co.za https://planet42.com/ *.adsafeprotected.com; frame-src https: www.autotrader.co.za https: *.youtube.com *.iono.fm *.google.com *.googlesyndication.com *.autotrader.co.za *.g.doubleclick.net https://www.googleadservices.com/; font-src https: www.autotrader.co.za data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; object-src https: www.autotrader.co.za www.youtube.com www.googletagmanager.com; report-uri https://www.autotrader.co.za/admin/csp-report 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/admob_google_com 1 default-src privacyportal-uk.onetrust.com prod.global-fragments-server.green.which.co.uk pagead2.googlesyndication.com cdn-ukwest.onetrust.com geolocation.onetrust.com tpc.googlesyndication.com *.safeframe.googlesyndication.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;script-src a.quora.com ajax.googleapis.com bat.bing.com c.amazon-adsystem.com cdn-magiclinks.trackonomics.net cdn-ukwest.onetrust.com cdn.amplitude.com cdn.jsdelivr.net connect.facebook.net ct.pinterest.com cdn.growthbook.io googleads.g.doubleclick.net manifest.prod.boltdns.net maps.googleapis.com pagead2.googlesyndication.com platform.twitter.com player.captivate.fm players.brightcove.net prod.global-fragments-server.green.which.co.uk public.flourish.studio pym.nprapps.org region1.google-analytics.com s.pinimg.com siteintercept.qualtrics.com static-ssl.responsetap.com static.ads-twitter.com static.digidip.net t.contentsquare.net tpc.googlesyndication.com track.omguk.com which.resultspage.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com yksbw1yr.micpn.com zeta-live.getsquirrel.co znbiyguoobqgm5gwu-which.siteintercept.qualtrics.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;style-src aaf1a18515da0e792f78-c27fdabe952dfc357fe25ebf5c8897ee.ssl.cf5.rackcdn.com cdn.jsdelivr.net flo.uri.sh fonts.googleapis.com pagead2.googlesyndication.com player.captivate.fm public.flourish.studio service.force.com zeta-live.getsquirrel.co which.resultspage.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;font-src fonts-which-co-uk.s3.amazonaws.com player.captivate.fm public.flourish.studio 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;img-src abs-0.twimg.com ad.doubleclick.net ade.googlesyndication.com adservice.google.com alb.reddit.com analytics.twitter.com artwork.captivate.fm c.contentsquare.net cdn-ukwest.onetrust.com cf-images.eu-west-1.prod.boltdns.net ct.pinterest.com googleads.g.doubleclick.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com maps.gstatic.com media.which.gpp.io metrics.brightcove.com pagead2.googlesyndication.com pbs.twimg.com q.quora.com s3-eu-west-1.amazonaws.com securepubads.g.doubleclick.net siteintercept.qualtrics.com storage.googleapis.com syndication.twitter.com t.co tpc.googlesyndication.com trx-hub.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com yksbw1yr.micpn.com 'unsafe-inline' 'self' http://localhost:* http://*.which.co.uk https://*.which.co.uk;report-uri https://xaln7hk625.execute-api.eu-west-1.amazonaws.com/dev;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1 object-src 'none';base-uri 'self';script-src 'nonce-dKdBQeYTnZaRP2W3wEV3Rg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-B/xgFzFaOxH59PiVHJMrxg==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=ATxyXgAUlgIzeBaNN9cDcwbjdBoDS4jgsZMlGPKfLsC0CRGrdd9DMbtItj92EEF29vM=&policy_id=10&user_id=&request_id=7c4bd99e-1ed6-4af2-944d-815f792ff2dd; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://stats.nextcloud.com/matomo.php; connect-src 'self'; img-src 'self' data:; style-src 'unsafe-inline' 'self'; font-src 'self'; 1 default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; report-uri /_/csp-reports 1 frame-ancestors 'self';object-src 'none';base-uri 'self';script-src 'report-sample' https: 'unsafe-inline' 'strict-dynamic' 'sha256-wDkOnY488UsdiT+Fni3PAYzYjaXqcMGJsemH5GvnTDE=' 'sha256-rJATSt4y9u4DD1vTWmVexUSWQwIgmPqqfXxs/aUSr1I=' 'sha256-EhG/h/RqHxTHE7up89blJbhWNGWdDgROL67iVto2piQ=' 'sha256-kxfWe5OS4NAeYgfcNsuaY1cqEa9FV67g1vjbOGu7Y+Q=' 'sha256-nxsTPGYtXicaLyqwC5xNSD8PdOE1Mc+Cq6sgK05rQUw=' 'sha256-oaiCapPjmT7wMN1TvrBYUpebwSRt0NgQX1Xu3Mtdr4I=' 'sha256-h18SiwKGFe6uWD2EHFG/wkn9hafrG73g5cTlEnz7GRI=' 'sha256-e6bJMyDCSUArnIYF4T2j5w1UqSyEBXC8i+MXm8HMiDo=' 'sha256-PRfegXguBO2Oatw1u1fQHoqrbo0tOJ4qWkLTEU8sejk=' 'sha256-TXPonBn5Vz0zR6Rhpul9fhbBfKuuaT5760ubt7ioIZo=' 'sha256-3W3ld418IUyygnxHEzvzSv6cjeiK10LaJR7TZ66sudA=' 'sha256-w6kYlSs5rSjBtyKZ5CA2z9mUMtKvb7cQ75YiBTmc8PY=' 'sha256-dur4S5t95gfov1mpJRjHLz4x/bcEIRPaO4iuVMDvxPc=' 'sha256-ldhPRoKk5sTmu3Z2PL/tEXh2Ki+WrbpELGYuStvbgeE=' 'sha256-7j+ktp8zupCsiD+qbiE79uQjfW6eH3tzJNE0aWdg544=' 'sha256-ETcRmW/ruecMJbHeGUmfCtZt2kXlUFgfhDAtaVNB2z8=' 'sha256-PyB/0DGBJpGCxldqb98HZ/wx7WZ/nq3qtcz54oiXCII=' 'sha256-hbulnH99q9aU1bphjo9D7QZUmURa9lWnBI1s6E7w4j0=';worker-src blob:;report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc504e1394818288959b4d64fb38efebe&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Awolt.com%2Cversion%3A1.10.184-PR11220-PR11923 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-da4a3e0e04ee674c2bc2a1641395760f' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 object-src 'none';base-uri 'self';script-src 'nonce-O5NhEMQ-8obyb5UpK86Lnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self'; report-uri https://www.dailytelegraph.com.au/csp-reports 1 frame-ancestors 'self'; report-uri https://www.heraldsun.com.au/csp-reports 1 default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addthis.com *.akamai.net *.convertexperiments.com *.flickr.com *.hotjar.com *.google.com *.sierraclub.org *.twitter.com cdn.ampproject.org cdn.hypemarks.com cdn.jsdelivr.net cdn.optimizely.com connect.facebook.net google-analytics.com google.com googletagmanager.com instagram.com js.maxmind.com maps.googleapis.com partner.googleadservices.com pixel.sitescout.com public.tableau.com reddit.com scribd.com snap.licdn.com unpkg.com v1.addthisedge.com widgets.pinterest.com z.moatads.com; object-src 'self'; style-src 'self' 'unsafe-inline' https: *.sierraclub.org cdn.honey.io cdn.jsdelivr.net cdn.knightlab.com cdnjs.cloudflare.com cloud.typography.com *.hotjar.com fonts.googleapis.com google.com pro.fontawesome.com; img-src * 'unsafe-inline' blob: data: https:; media-src 'self' data:; frame-src 'self' https: *.addthis.com *.doubleclick.net *.fls.doubleclick.net *.ggusd.us *.google.com *.hotjar.com *.optimizely.com *.s3.amazonaws.com *.sierraclub.org *.stpsb.org *.twitter.com block.opendns.com blocked.goguardian.com calendar.google.com cdn.bannersnack.com ckreport.lisd.net clubvolunteer.org facebook.com funnyordie.com gateway.zscalertwo.net global.acs.prismaaccess.com googletagmanager.com instagram.com m.facebook.com maphub.net meetup.com mozbar.moz.com player.vimeo.com public.tableau.com quorum.us rcm-na.amazon-adsystem.com s7.addthis.com spur.maps.arcgis.com static.contextall.com trustpoint-lax.northcentraltrust.com vpn.myips.org web.facebook.com youtube-nocookie.com youtube.com driveelectricweek.org; frame-ancestors 'self' https: blob: sierraclub.org driveelectricweek.org; child-src 'self' https: blob: sierraclub.org driveelectricweek.org; font-src 'self' data: https: *.sierraclub.org at.alicdn.com cdn.honey.io cdn.jsdelivr.net *.hotjar.com fonts.gstatic.com pro.fontawesome.com slant.co; connect-src 'self' https: *.doubleclick.net *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.optimizely.com *.sierraclub.org cdn.linkedin.oribi.io csp.withgoogle.com facebook.com geoip-js.com google-analytics.com googletagmanager.com logx.optimizely.com maps.googleapis.com sharethis.com secure.geonames.org stats.g.doubleclick.net *.osano.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 base-uri 'self'; media-src 'none'; object-src 'none'; manifest-src 'self'; script-src 'sha256-0xPaOpwFfM3aqpzWhRLH6Lw8GAR46wT4tujniyVGGYw=' 'sha256-lbWM7/U4ppgy+gQKeJh0LX1MGZ7Akz91KhU2p3OhXic=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys=' 'self' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: stackpath.bootstrapcdn.com www.safaricom.co.ke *.googleapis.com www.googletagmanager.com *.doubleclick.net live.mystocks.co.ke www.google.no www.google-analytics.com *.facebook.net *.gstatic.com translate.google.com www.google.com ir.nse.co.ke cdnjs.cloudflare.com worldtimeapi.org cdn.jsdelivr.net www.google.ie www.google.co.ke analytics.google.com *.facebook.com region1.analytics.google.com unpkg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com cdn.datatables.net www.google.com cdn.jsdelivr.net *.gstatic.com *.moe.gov.my *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-80mBIlw_rB9TcdRnzyzqqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 string 1 script-src 'unsafe-inline' https: 'nonce-q7Ckp8r28QeQ0StiyRAttA==' 'strict-dynamic' 'report-sample'; object-src 'none'; base-uri 'none'; report-to user-promo; report-uri https://yoomoney.ru/user-promo/platform/report-csp; 1 font-src https://cdnjs.cloudflare.com/ https://static.sizebay.technology/ https://cdn.havan.com.br/ https://fonts.gstatic.com/ *.fontawesome.com *.alothemes.com *.magepow.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com https://targeting.voxus.tv/ https://us.creativecdn.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.mundipagg.com api.pagar.me https://cx.atdmt.com/* https://yv-misc.s3.amazonaws.com/customers/havan/azul.jpg https://secure.adnxs.com https://selo.clearsale.com.br/ http://www.paypal.com/ http://www.paypalobjects.com/ http://www.facebook.com/ http://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.com.br/ https://www.havan.com.br/ https://bat.bing.com/ https://newimgebit-a.akamaihd.net/ https://cliente.havan.com.br/ https://device.clearsale.com.br/ https://cdn.havan.com.br/ https://ct.pinterest.com/ https://c.clarity.ms/ https://c.bing.com/ https://vlibras.gov.br/ https://cdn.jsdelivr.net/ http://www.google-analytics.com/ https://www.googleadservices.com/ *.alothemes.com *.magepow.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com http://www.vimeo.com/ www.vimeo.com *.vimeocdn.com http://www.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com https://cdn.targeting.voxus.com.br/ https://targeting.voxus.com.br/ https://api.pushio.com/ https://www.googleoptimize.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ http://www.google-analytics.com/ http://www.googleadservices.com/ https://maps.googleapis.com/ https://www.i-goal.com.br/ https://static.i-goal.com.br/ http://static.hotjar.com/ https://script.hotjar.com/ http://bat.bing.com/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ http://www.paypal.com/ http://www.sandbox.paypal.com/ http://www.paypalobjects.com http://www.facebook.com/ https://js-agent.newrelic.com/ https://static.sizebay.technology/ https://bam-cell.nr-data.net/ https://cliente.havan.com.br/ https://maps.google.com/ http://ajax.googleapis.com/ https://www.gstatic.com/ https://device.clearsale.com.br/ *.google.com https://static.zenvia.com/ https://bam.nr-data.net/ https://s.pinimg.com/ https://www.clarity.ms/ https://h.clarity.ms/ https://a.clarity.ms/ https://i.clarity.ms/ https://connect.facebook.net https://plugin.handtalk.me/ https://vlibras.gov.br/ https://cdn.jsdelivr.net/ *.avada.io *.alothemes.com *.magepow.com https://cdnjs.cloudflare.com https://polyfill.io *.hsforms.net *.hsforms.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com http://cdn.jsdelivr.net/ http://cdnjs.cloudflare.com/ https://static.sizebay.technology/ https://cdn.havan.com.br/ https://fonts.googleapis.com/ *.fontawesome.com *.alothemes.com *.magepow.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.mundipagg.com api.pagar.me https://targeting.voxus.com.br/v/ https://targeting.voxus.tv/ https://api.voxus.tv/ https://api.ipify.org/ https://logs-01.loggly.com/ https://analytics.tiktok.com/ https://stats.g.doubleclick.net/ *.google-analytics.com http://www.facebook.com/ https://bam-cell.nr-data.net/ https://cliente.havan.com.br/ https://vfr-v3-production.sizebay.technology/ https://viacep.com.br/ https://vc.hotjar.io/ https://analytics.google.com/ https://ct.pinterest.com/ https://h.clarity.ms/ https://bam.nr-data.net/ https://a.clarity.ms/ http://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com https://cdnjs.cloudflare.com https://polyfill.io t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; report-uri /csp-violation-report-endpoint/ 1 object-src 'none';base-uri 'self';script-src 'nonce-5hADDfGuy07i_5Kna6dssA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google.co.uk cdn.bizibly.com *.adroll.com www.google.com.co region1.analytics.google.com b.6sc.co *.googleapis.com www.googletagmanager.com www.google.com.mx www.google.co.za www.google.de www.google.se *.gstatic.com www.google.co.id www.google.com.eg www.google.co.il www.google.com.gh cdn.cookielaw.org www.google.fr www.google.com www.google.nl edge.fullstory.com cdn.bizible.com www.youtube.com www.google.com.et imperva.containers.piwik.pro *.imperva.com adservice.google.com j.6sc.co www.google.com.sg www.google.es www.google.it www.google.co.ke www.google-analytics.com www.brighttalk.com munchkin.marketo.net c.6sc.co www.google.com.bd *.optimizely.com www.google.com.hk www.google.co.in www.google.co.jp www.google.co.kr www.google.com.ua www.google.ie www.google.com.vn gc.kis.v2.scr.kaspersky-labs.com www.google.lk www.google.ca bam.nr-data.net imperva.piwik.pro www.google.com.tr www.google.com.my www.google.ae jscloud.net secure.gravatar.com www.google.com.tw www.google.com.sa www.google.com.np www.google.pl www.google.com.ng www.google.com.pk ipv6.6sc.co rs.fullstory.com *.mktoresp.com analytics.google.com js-agent.newrelic.com *.onetrust.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'nonce-AaaEvtjocyyxTivExR0Yzw==' 'strict-dynamic' 'unsafe-inline' https: 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=nmx3WpvHy39Y73ygpEyvkYFVF5ux_cHpLRaACtFTpPZqJqCuDG9QCSS3q2Qx-Ju-8U7skEIr3MPb0GH2GdkAPSLLSw==&policy_id=45&user_id=&request_id=fb48657d-513d-4a3e-97ad-eb81766f6d60; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/; frame-ancestors 'none' 1 default-src 'none'; connect-src 'self' https://appservices.wwnorton.com; frame-ancestors 'self'; font-src 'self' https://fonts.googleapis.com; style-src 'self' https://cloud.typography.com https://dsbst55b1909i.cloudfront.net; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://static.wwnorton.com https://storage.googleapis.com; img-src 'self' https://www.google-analytics.com https://appservices.wwnorton.com https://cdn.wwnorton.com https://diqp43fm0w6zs.cloudfront.net https://stats.g.doubleclick.net; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: paydock.as1.gpayments.net www.google.co.uk rapid-cdn.yottaa.com *.facebook.net www.google-analytics.com region1.google-analytics.com qoe-1.yottaa.net *.paypal.com api.paydock.com dc.oracleinfinity.io unpkg.com www.securesuite.co.uk consumer.truefitcorp.com druidbotservice.prod.druidprod.a-kmtkmg.net www.myregistry.com ui-widgets.preezie.io www.google.com.sg staticw2.yotpo.com *.azureedge.net *.facebook.com *.opendns.com *.windows.net *.doubleclick.net analytics.pangle-ads.com cdn.honey.io *.tealiumiq.com druidapc.prod.druidprod.a-kmtkmg.net www.google.com.au kmartau.mo.cloudinary.net respondent.survicate.com *.kmart.com.au www.google.com.vn *.pinterest.com ssl.google-analytics.com embed.salefinder.com.au *.cloudfront.net maxblockpage.service.anz *.optimizely.com www.google.ie www.youtube.com developers.google.com *.snapchat.com *.googleadservices.com i.ebayimg.com cdn-yotpo-images-production.yotpo.com applepay.cdn-apple.com www.google.co.th zip-co-media.s3.ap-southeast-2.amazonaws.com *.googleapis.com www.google.co.za cdn.truefitcorp.com analytics.google.com www.google.co.nz geoissuer.cardinalcommerce.com *.flashtalking.com www.paypalobjects.com www.slant.co druidapi.prod.druidprod.a-kmtkmg.net seoab.io cdn.scite.ai use.typekit.net cnstrc.com surveys-static.survicate.com survey.survicate.com c.oracleinfinity.io yotpo-stool.s3.amazonaws.com cdn.blerp.com cdn-quick-ar.threedy.ai www.google.com.tw www.google.com www.google.com.my *.gstatic.com bat.bing.com www.google.co.in www.googletagmanager.com js-agent.newrelic.com ac.cnstrc.com sc-static.net www.google.com.bd p.yotpo.com media.littlebirdie.com.au translate.google.com cloud.shopback.com api-widgets.preezie.io kma-cdn.truefitcorp.com *.tiktok.com *.fastly.net s.catch.com.au redmarket.online lh3.ggpht.com secure7.arcot.com *.googlesyndication.com gateway.zscalerone.net widget.paydock.com kmart.com.au widget-cdn.preezie.com session-replay.browser-intake-datadoghq.com www.google.ca www.rsa3dsauth.co.uk databridge.tdbtrk.com gateway.zscloud.net *.pinimg.com embed.salefinder.co.nz quick-ar.threedy.ai api.yotpo.com prod-api-v1-widgets.azurewebsites.net rum.browser-intake-datadoghq.com prod-fn-analytics.azurewebsites.net images.ctfassets.net bam.nr-data.net *.xg4ken.com shopping.qantas.com api-cdn.yotpo.com adservice.google.com js.hcaptcha.com accounts.google.com webservice.salefinder.com.au www.google.com.pg www.google.cn ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-EPJz0s538xwVF2GWieHbIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: 'self'; script-src 'self' 'self' 'unsafe-inline' *.galxe.com *.galxestatic.com sentry.io *.sentry-cdn.com *.google-analytics.com; connect-src data: galxe.com sentry.io *.galxe.com *.galaxy.eco *.ingest.sentry.io *.google-analytics.com *.particle.network *.intercom.io; img-src 'self' https: data: *.glaxe.com *.galxestatic.com *.cloudfront.net *.google-analytics.com; style-src 'self' 'unsafe-inline' *.glaxe.com *.galxestatic.com *.particle.network *.googleapis.com cdn.jsdelivr.net at.alicdn.com; frame-ancestors 'none'; font-src 'self' data: *.gstatic.com *.googleapis.com cdn.jsdelivr.net *.galxestatic.com at.alicdn.com 1 frame-src https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://img6.wsimg.com; style-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.gstatic.com; report-uri https://sentry.brandsight.com/api/25/security/?sentry_key=d2a6cc459b0c48dd91884e7063bbddb4 script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://js.hs-scripts.com https://tags.tiqcdn.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hs-banner.com 'sha256-0GmZYAqaqzetS+w1EyLdzTxUer98JQtlleth+bhMzm4=' 'sha256-h4kRXx7uh9BDCM48lIeC8OTw0+lUQIlD+u3Rsxo8ixg='; 1 base-uri 'self'; connect-src 'self' analytics.google.com https://*.doubleclick.net checkout.stripe.com *.clockify.me *.cake.com *.pumble.com bat.bing.com maps.googleapis.com https://*.clarity.ms https://clockify.zendesk.com https://ekr.zdassets.com https://widget-mediator.zopim.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com www.google.com pagead2.googlesyndication.com wss://widget-mediator.zopim.com wss://*.clockify.me; default-src 'self'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' clockify.me *.clockify.me *.cake.com *.pumble.com js.stripe.com checkout.stripe.com www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://*.doubleclick.net; img-src 'self' blob: https: data:; manifest-src 'self'; media-src 'self' https://static.zdassets.com; object-src 'none'; report-uri https://agz4hm07.uriports.com/reports/report; report-to default; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://*.doubleclick.net https://js.stripe.com *.clockify.me *.pumble.com checkout.stripe.com bat.bing.com https://maps.googleapis.com https://www.clarity.ms https://www.googleadservices.com www.google-analytics.com https://code.jquery.com https://static.zdassets.com www.google.com https://ajax.googleapis.com https://*.googletagmanager.com https://www.gstatic.com www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; 1 default-src 'self'; connect-src https:; font-src 'self' data: cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; img-src blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; style-src 'self' 'unsafe-inline' cms.zdv.uni-mainz.de cms-cdn.zdv.uni-mainz.de; worker-src 'self' blob:; 1 default-src https:; script-src 'self' 1 default-src 'self' data: blob: *.ulikecam.com *.snssdk.com;script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;script-src-elem data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.bootcss.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;frame-ancestors *.ulikecam.com;frame-src bytedance:;media-src *.bytecdn.cn *.365yg.com *.ixigua.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytescm.com;style-src 'unsafe-inline' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn;connect-src *.snssdk.com *.bytedance.net *.ulikecam.com *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytedance.com safe.usergrowth.com.cn *.zijieapi.com;img-src *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.qq.com *.bytecdn.cn data: *.byteimg.com *.bytedance.net *.ulikecam.com *.gstatic.com android-webview-video-poster *.bytednsdoc.com *.bytescm.com *byteacctimg.com *.bytecdn.com;font-src data: *.byted.org *.alicdn.com *.gstatic.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1 object-src 'none';base-uri 'self';script-src 'nonce-TyAnMh7sNlV2LzO_6Hltew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com www.googletagmanager.com *.imss.gob.mx *.doubleclick.net www.google.com.mx gc.kis.v2.scr.kaspersky-labs.com www.google.com.gt bam.nr-data.net js-agent.newrelic.com www.youtube.com translate.google.com framework-gb.cdn.gob.mx www.google.com.co www.google.es www.google.ca ff.kis.v2.scr.kaspersky-labs.com analytics.google.com www.google.co.ve www.google.com.do www.google.co.cr *.gstatic.com www.google.com.bo region1.analytics.google.com *.facebook.net www.google.com www.google.com.ar ssl.google-analytics.com cdnjs.cloudflare.com code.jquery.com ff.kes.v2.scr.kaspersky-labs.com www.google.com.pe *.googleapis.com www.google.com.ec www.google.cl me.kis.v2.scr.kaspersky-labs.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.il www.google.md bat.bing.com *.moneygram.com analytics.pangle-ads.com www.google.co.ve *.tiktok.com www.google.com.jm www.google.al sdk.onfido.com www.google.gy www.google.com.ec *.snapchat.com consent.trustarc.com maxcdn.bootstrapcdn.com c0.adalyser.com websdk.appsflyer.com www.google.com.ph *.emjcd.com k-us1.az.contentsquare.net www.google.com.co consent-pref.trustarc.com *.doubleclick.net up.pixel.ad *.clarity.ms www.google.es *.googleapis.com s.yimg.com www.google.pl tr.silverpush.co tags.rd.linksynergy.com www.google.tt *.gstatic.com www.google.com.ua www.google.com.sa region1.google-analytics.com moneygram.vc.hr www.google.co.ma logs-01.loggly.com www.google.com.ng www.google.com.pk www.google.com.lb www.google.ro www.google.ca www.google.com.bo www.googletagmanager.com www.google.jo www.google.com.gh *.facebook.com www.google.mu *.adsrvr.org *.salesforceliveagent.com www.google.com.tr cdn.appsflyer.com cdn.honey.io www.google.co.za wa.onelink.me www.tp88trk.com asset.gomoxie.solutions www.google.com.mx www.google.cd www.google.com.br www.google.co.nz www.google.hn www.google.com.eg srm.af.contentsquare.net www.google.com.ni digitalfeedback.us.confirmit.com www.google.com sp.analytics.yahoo.com app.upsellit.com www.google.de static.rakuten.com impressions.onelink.me utt.impactcdn.com *.sitescout.com l.contentsquare.net q-us1.az.contentsquare.net s3.amazonaws.com www.google.com.ar *.facebook.net api.onfido.com www.google.co.jp gc.kis.v2.scr.kaspersky-labs.com www.google.co.in www.google.nl c.az.contentsquare.net www.google.co.cr www.google.com.qa www.ojrq.net www.google.se moneygram-intl.ingeniuxondemand.com www.google.com.my www.google.rs www.google.iq ads.nextdoor.com hosted.where2getit.com centinelapi.cardinalcommerce.com www.google.ch www.google.it www.google.co.id region1.analytics.google.com www.google-analytics.com www.google.at cdnjs.cloudflare.com www.upsellit.com six.cdn-net.com events.launchdarkly.com www.google.be songbird.cardinalcommerce.com www.google.com.mm www.google.com.bd www.google.com.sv banner.appsflyer.com www.google.co.uk analytics.google.com *.dotomi.com www.google.pt events-moneygram.gomoxie.solutions flask.nextdoor.com d.turn.com www.google.gr www.google.co.th includes.ccdc02.com www.google.cz www.google.com.au www.google.ie www.google.com.vn www.google.no www.google.ae www.google.bg www.google.ci www.google.com.pr www.google.co.ke www.google.com.kh *.wlp-acs.com www.google.tn www.google.com.pe t.contentsquare.net www.google.com.gt intljs.rmtag.com www.google.bj www.google.cl www.google.fr *.googleadservices.com pix.pub kg668dbov0.execute-api.us-east-1.amazonaws.com *.licdn.com writer.cardinalcommerce.com app.launchdarkly.com nkys7k94ig.execute-api.us-east-2.amazonaws.com www.google.com.np sc-static.net geo.cardinalcommerce.com config1.veinteractive.com www.google.hu creatives-cdn.appsflyer.com *.linkedin.com www.google.sn smct.co *.pxf.io wa.appsflyer.com location.gomoxie.solutions www.google.ge www.google.com.do receiver.neuroid.cloud adservice.google.com www.google.cm ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *.unionesarda.it; report-uri /csp-report 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1 default-src 'self' https:; object-src 'none'; img-src 'self' https: blob: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; report-uri https://buildkite.report-uri.com/r/d/csp/reportOnly 1 default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src *; style-src 'unsafe-inline' *; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://hollywoodlife.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 connect-src 'self' https: 'unsafe-eval' https://*.zoom.us wss://zpns.zoom.us wss://widget-mediator.zopim.com; default-src 'self' https:; font-src 'self' https: data: data: source.zoom.us; img-src 'self' https: data: blob: *.zoom.us https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' https: *.zoom.us; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: http://zoom.us *.zoom.us; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; report-uri /csp-report 1 default-src 'self' 'unsafe-inline' data: https://*.wwu.edu https://*.blueconic.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.youtube.com https://*.technolutions.net https://*.tableau.com https://*.googleusercontent.com https://*.vimeo.com https://*.vimeocdn.com https://*.windows.net https://*.github.io https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.bing.com https://*.clarity.ms https://*.oribi.io https://*.linkedin.com https://*.licdn.com https://*.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; report-uri https://www.wwu.edu/report-uri/reportOnly 1 default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';report-uri /csp.php 1 default-src 'self'; script-src 'self' 'sha256-6vmNTbfgubexXPiaZdcqfKCk+vKBe9cfsKsAciXQtMg=' 'sha256-r1aYSsDn5Btub+zo7XZr6P3ZhmNyYTvHf/yjmzIpxT8=' 'sha256-aqdvQaQU9tkorRhtgHldablGaB5SI/SwbLemAOKE7Yo=' 'sha256-Vxv+qm8gMYYzbp7hSMakF5Q81e7GDj/Z5HZYT4ekhho=' 'sha256-uBpmtDakUPHISUCFtaVC869LxTI53EPQREvqhqlxGVU=' 'sha256-h8bC9y2R69GO3nntfTAfOohrJdzeOS7slDdbOSULEJo=' 'sha256-isqZ0Q9pUWxBIyLN3u9Y3hy3MuWSJMoiNKT/nB5AbP8=' 'sha256-E+9KuTkZkFIuiN69g5Y/rS1KDaDR2Wsfoq7Eetly00k=' 'sha256-4A71+eBTUzk+eqeYnEVcDQgmfqADEcilqeQIAiwyPj8=' 'sha256-Ft85708B4GnIXzdTu8nxvQbyFHRn0yYy/8Sa3eDtv38=' 'sha256-IQuu99eybyUVQl8tdKPujuMVZMAtiHk2XPu15i9EH4A=' https://*.google-analytics.com/analytics.js https://cdncache-a.akamaihd.net/sub/b156ae9/98002/l.js https://www.youtube.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://connect.facebook.net https://public.flourish.studio/resources/embed.js; style-src 'unsafe-inline' 'self'; object-src 'self' https://video.ted.com; base-uri 'self' https://www.youtube.com; connect-src 'self' https://www.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://cdn.plyr.io https://translate.googleapis.com; font-src 'self' https: data:; frame-src 'self' https://www.youtube.com https://w.soundcloud.com https://www.facebook.com https://player.vimeo.com https://flo.uri.sh; img-src 'self' https://i.ytimg.com https://opensocietyfoundations.imgix.net https://*.google-analytics.com https: data:; manifest-src 'self'; media-src 'self'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artnews.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src 'self'; script-src 'nonce-TJCl2v4h1i1fTdnULWBogw==' 'strict-dynamic' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' blob: https://app.getbeamer.com https://assets.openlearning.com https://*.ssl.cf4.rackcdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.openlearning.com https://oluploadslive.blob.core.windows.net https://front-us-rest.ably.io https://api.amplitude.com https://api.hubapi.com https://api.hubspot.com https://api.ipify.org https://backend.getbeamer.com https://chat.frontapp.com https://www.facebook.com https://find.userpilot.io https://forms.hubspot.com https://iframe.ly https://in.hotjar.com https://learningtime.servicebus.windows.net https://pythonutilityfunctions.azurewebsites.net https://sentry.io https://stats.g.doubleclick.net https://us-west-1-chat-server.frontapp.com https://vc.hotjar.io https://www.google-analytics.com https://pagead2.googlesyndication.com https://static.userguiding.com https://metrics.userguiding.com wss://analytex.userpilot.io wss://front-us-realtime.ably.io wss://*.openlearning.com; font-src 'self' data: https://*.ssl.cf4.rackcdn.com https://assets.openlearning.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https:; img-src 'self' data: blob: https:; manifest-src 'self' https://*.ssl.cf4.rackcdn.com; media-src 'self' https://dev-uploads.openlearning.com https://uploads.openlearning.com https://qencode.blob.core.windows.net; worker-src 'none'; child-src blob:; 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-hf7MWoPVl3zqrVekXsZKjA==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.chatbot.com www.google.com.br cdn.menardc.com cdn-gateflipp.flippback.com *.googleapis.com cdn-video.menardc.com services.sdiapi.com *.gstatic.com *.cloudfront.net a.wishabi.com region1.google-analytics.com i.ytimg.com cdn.plyr.io get663.com *.menards.com www.google.com api.fillr.com aq.flippenterprise.net *.facebook.net www.google.co.in www.google.de translate.google.com p.flipp.com multi-item-broker.flippback.com salsify-ecdn.com gong-gc.qubit.com tally-1.qubitproducts.com cdn.flippenterprise.net sp.menardc.com orca.qubitproducts.com f.wishabi.net reports.sdiapi.com a40.usablenet.com lh3.ggpht.com www.google.ca api.qubit.com hw.menardc.com stash.qubitproducts.com recs.qubit.com fonts.cdnfonts.com www.google.co.uk *.doubleclick.net api.flipp.com www.google.lt www.cdn-net.com www.youtube.com www.google.com.ph dam.flippenterprise.net i.honey-images.com s3.us-east-2.stackpathstorage.com cdn.honey.io prod.accdab.net event.syndigo.cloud integrations.qubit.com www.googletagmanager.com ls.chatid.com analytics.google.com content.syndigo.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 base-uri 'self'; default-src 'self'; script-src 'nonce-NjdjNDVmYTgtMzM1Mi00OTJhLThkYTYtMmE4M2Q4NTZkN2I2' 'report-sample' 'self' https://www.googletagmanager.com https://c.safetyculture.com https://cdn.segment.com https://snap.licdn.com/ https://cdn.madkudu.com/ https://cdn.amplitude.com https://connect.facebook.net https://googleads.g.doubleclick.net https://cdn.kustomerapp.com https://www.googleadservices.com https://www.google.com https://tpc.googlesyndication.com https://bat.bing.com https://pages.safetyculture.com https://*.hotjar.com https://fast.wistia.com; style-src 'unsafe-inline' 'report-sample' 'self' https://pages.safetyculture.com https://*.hotjar.com; object-src 'none'; connect-src 'self' https://a.safetyculture.com https://api.segment.io https://c.safetyculture.com https://cdn.segment.com https://*.segmentapis.com https://api.amplitude.com https://scnextsite.wpenginepowered.com/wp-admin/admin-ajax.php https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://support-safetyculture.api.kustomerapp.com https://*.pndsn.com https://safetyculture-sandbox.api.kustomerapp.com https://stats.g.doubleclick.net https://www.facebook.com https://www.instagram.com https://wp-website.safetyculture.com/wp-admin/admin-ajax.php https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://adservice.google.com https://*.wistia.com https://bat.bing.com https://monitor.clickcease.com; manifest-src 'self'; media-src 'self' blob:; font-src 'self' https://fonts.gstatic.com https://cdn.kustomerapp.com data: https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://cdn.kustomerapp.com https://tpc.googlesyndication.com https://www.facebook.com https://*.doubleclick.net https://pages.safetyculture.com https://www.youtube.com; img-src 'self' * data:; worker-src 'none'; report-uri https://safetyculture.com/_csp/scweb/prod?v=240313; 1 script-src 'self' 'unsafe-eval' figshare.local figstatic.com *.figstatic.com figshare.network *.figshare.network figsh.com *.figsh.com figsh.us *.figsh.us figshare.us *.figshare.us figshare.com *.figshare.com *.qualtrics.com *.cloudfront.net *.altmetric.com https://www.googletagmanager.com https://www.google-analytics.com 'nonce-9m4LDSjdyaF0fKwk34HX3w=='; 1 frame-ancestors 'self' metrika.yandex.ru mc.yandex.ru http://webvisor.com; frame-src *.youtube.com vk.com https: blob: mc.yandex.ru jivosite.com; report-uri /csp-report; 1 default-src 'self'; connect-src 'self' analytics.init.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.instagram.com *.3qsdn.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.init.de *.openstreetmap.org *.twitter.com *.instagram.com *.3qsdn.com *.twimg.com *.bundesfinanzministerium.de; object-src 'self'; media-src 'self' *.youtube.com *.bundesfinanzministerium.de; child-src *.google.com *.gstatic.com *.youtube.com *.init.de *.twitter.com *.instagram.com *.3qsdn.com *.twimg.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.init.de *.twitter.com *.instagram.com *.3qsdn.com *.twimg.com *.bundesfinanzministerium.de; frame-ancestors 'self'; report-uri /site/servlet/csp-report; 1 report-uri /cdn-cgi/script_monitor/report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.etracker.com/ https://*.etracker.de/ https://*.signalize.com/; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com i.ytimg.com; frame-src 'self' www.youtube.com; child-src 'self' www.youtube.com; 1 default-src 'self'; script-src 'report-sample' 'self' https://bat.bing.com/p/action/25080479.js https://cmp.osano.com/6orGTTANycUp8SXp/b6faaa7e-e779-4437-bfd7-b1690b5f61c1/osano.js https://cmp.osano.com/6orGTTANycUp8SXp/487f6b25-d82c-4778-af85-14932b8ea351/osano.js https://connect.facebook.net/signals/config/119620336139212 https://fast.wistia.com/assets/external/facebookPixel.js https://info.discoveryeducation.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/715270855/ https://munchkin.marketo.net/162/munchkin.js https://okt.to/ping https://tagmanager.google.com https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://info.discoveryeducation.com https://tagmanager.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://063-SDC-839.mktoresp.com https://app.clearbit.com https://distillery.wistia.com https://e.clarity.ms https://embed-fastly.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com data: https://use.typekit.net; frame-src 'self' https://info.discoveryeducation.com https://js.driftt.com https://www.facebook.com; img-src 'self' https://analytics.twitter.com https://dbl-live-website.imgix.net https://embed-ssl.wistia.com https://fast.wistia.com https://info.discoveryeducation.com https://px.ads.linkedin.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.sv https://ssl.gstatic.com https://www.gstatic.com data:; manifest-src 'self'; media-src 'self'; report-uri https://e6390b213471fc12db8189a84997cf1e.report-uri.com/r/d/csp/wizard; worker-src blob:; report-to default; 1 default-src 'self' https://d3q9kdqrtloda.cloudfront.net/ https://i.ytimg.com/ https://www.youtube-nocookie.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://c1001.report.gbss.io/ https://analytics.tiktok.com/ https://forms.hubspot.com/ https://region1.analytics.google.com/ https://*.analytics.google.com/ https://region1.google-analytics.com/ https://*.google-analytics.com/ https://pagead2.googlesyndication.com https://privacyportal-uk.onetrust.com/ https://*.onetrust.com/; style-src 'self' 'unsafe-inline' https://static.formstack.com/forms/css/ https://static.formstack.com/common/css/; script-src 'self' https://www.youtube.com/ https://cambridgeenglish.formstack.com/forms/ 'sha256-5woGd/mZkUg7jRI9rPBZPHKC+LdyheFkTyKDMVNRNAs=' https://static.hotjar.com/c/ https://static.formstack.com/forms/js/ 'sha256-BEia3zQX2ZCFqcEfWBg9chT7nMc26YOr506FmhGqIfE=' 'sha256-z+rMOYNYmUbRI0OKIZH9HZneWmS3dJkEIDLisI+5LwI=' 'sha256-4QifgdTNZlur9Y/OOGOV3SggRLnQQR4peyehG9Y5buo=' https://www.google.com/ https://www.gstatic.com/ https://cdn-ukwest.onetrust.com/ https://www.googletagmanager.com/ 'sha256-rbMVlXlWb1FxlmTxqO6hQI+5VPCMoqHMqeyWMrzk9E4=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-/6m2tVE+3ZAyrBnUps+rDpHpCwMi0VgW9mdVym2y2cE=' 'sha256-nanbr0ZSJrOvEvr6c5gV8UarYfjNXF+TAtmA9GjvyJ0=' 'sha256-ATpn7Ex50rRSNqmoA432bWfqvlsGB6CD/7fE2WtoU5A=' 'sha256-iXVjrS+TzaVqRdjZV8gecO6OkuAcobYu2OjiJVT8LYU=' 'sha256-+WTu64J4HVaiLZC0nSjR9XxbZZg1xX7cdNM/WA/pDcQ=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' 'sha256-xc61KVzUrz5aO4ACQyRqjH2fPpfIb/xoMmSSEiU+PWU=' 'sha256-wyNlDF2abbsDx6TZogcKckBQwZ4N8qFR3SAepboU7Sk=' 'sha256-tOY0R/wVWZCxGQPtXP0ptphYuCKkCpgNHQy/ZkwhCCY=' blob: 'unsafe-eval' https://www.google-analytics.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://static.ads-twitter.com https://www.googleadservices.com/ https://connect.facebook.net/ https://a.quora.com/ https://js.hs-scripts.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://cl.qualaroo.com/ https://assets.ubembed.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hubspot.com/ https://cdn.gbqofs.com/ https://analytics.tiktok.com/ https://cdn.gbqofs.com/ https://snap.licdn.com/ https://14d7fb0767d540569b202283222297c0.js.ubembed.com/ 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA='; object-src 'none'; font-src 'self' https://static.formstack.com/forms/fonts/; img-src 'self' data: https://d3q9kdqrtloda.cloudfront.net/ https://s3.eu-west-2.amazonaws.com/ielts-web-static/ www.googletagmanager.com https://i.ytimg.com/ https://cdn-ukwest.onetrust.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://t.co https://analytics.twitter.com/ https://www.facebook.com/ https://q.quora.com/ https://adservice.google.com/ https://perf-na1.hsforms.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://www.google-analytics.com/ https://*.linkedin.com/ https://*.amazonaws.com/ielts-web-static/ https://adservice.google.co.uk/; frame-src 'self' https://www.google.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://dntcl.qualaroo.com/ https://td.doubleclick.net/; 1 default-src 'self' image.spreadshirtmedia.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.com ; img-src 'self' data: https: image.spreadshirtmedia.net image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.com *.spreadshirt.com ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ *.google-analytics.com *.analytics.google.com *.spreadshirt.com ; font-src 'self' https: data: *.spreadshirt.com ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.com ; object-src 'none' ; media-src image.spreadshirtmedia.com ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.com ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 object-src 'none';base-uri 'self';script-src 'nonce-yxNXda5qK4yIe6yu1Hioow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self';default-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io;connect-src 'self' https://matomo.ingenuitylite.com https://salesiq.zoho.eu wss://*.zohopublic.eu https://*.zohopublic.eu https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://facebook.com https://track.gaconnector.com https://*.analytics.google.com https://vimeo.com https://bat.bing.com wss://*.hotjar.com https://content.hotjar.io https://cdn.linkedin.oribi.io https://adservice.google.com https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.ro https://*.hotjar.io https://*.hotjar.com https://*.gaconnector.com https://scout.salesloft.com https://*.googlesyndication.com https://c.az.contentsquare.net;frame-ancestors 'none';font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://css.zohocdn.com;frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://vars.hotjar.com https://js.stripe.com https://player.vimeo.com https://gateway.zscalertwo.net https://www.facebook.com https://checkout.stripe.com https://hooks.stripe.com https://catalogue.thehutgroup.com https://td.doubleclick.net https://forms.zohopublic.eu https://www.linkedin.com https://online.fliphtml5.com https://s3.eu-west-1.amazonaws.com;img-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://*.linkedin.com https://www.googletagmanager.com https://*.thcdn.com data: https://salesiq.zohopublic.eu https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.co.uk https://*.google.ie https://*.google.ro https://*.bing.com https://*.facebook.com https://*.vimeocdn.com https://www.google-analytics.com https://c.az.contentsquare.net;child-src 'self';script-src 'self' 'unsafe-eval' 'nonce-81fb1553414c85bbbb2aec8f7e24db7f' 'strict-dynamic' https://matomo.ingenuitylite.com https://snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://js.zohocdn.com https://salesiq.zoho.eu https://www.google-analytics.com https://crm.zoho.eu https://googleads.g.doubleclick.net https://bat.bing.com https://ma.zoho.eu https://track.gaconnector.com https://maillist-manage.eu https://connect.facebook.net https://js.stripe.com https://*.zoho.eu https://checkout.stripe.com https://*.doubleclick.net https://*.hotjar.com https://scout-cdn.salesloft.com https://*.linkedin.com;style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://css.zohocdn.com https://css.zohostatic.eu;style-src-attr 'self' 'unsafe-inline';object-src 'none';script-src-attr 'self' 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://matomo.ingenuitylite.com https://snap.licdn.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://salesiq.zoho.eu https://js.zohostatic.eu https://js.zohocdn.com https://www.google-analytics.com https://crm.zoho.eu https://googleads.g.doubleclick.net https://bat.bing.com https://ma.zoho.eu https://track.gaconnector.com https://maillist-manage.eu https://connect.facebook.net https://js.stripe.com https://*.zoho.eu https://*.doubleclick.net https://*.hotjar.com https://scout-cdn.salesloft.com https://*.contentsquare.net https://static.zohocdn.com;worker-src 'none';media-src 'self' https://cdn.ingenuitylite.com https://fcdn.ingenuitylite.com https://blogscdn.thehut.net https://catalogue.thehutgroup.com;report-uri https://csp.ingenuitylite.com/ajax/csp-report;report-to csp-endpoint;style-src-elem 'self' 'unsafe-inline' data: https: 1 img-src https: data:; connect-src https:; report-uri https://csp-reports.yesware.com/new 1 frame-ancestors 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.algolia.net *.algolianet.com *.clarity.ms *.drmax-gl.dev *.drmax-ro.space *.drmax.net *.drmax.ro *.facebook.com *.facebook.net *.fbcdn.net *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.sentry.io *.twitter.com ams.creativecdn.com api.luigisbox.com attr-2p.com bam.eu01.nr-data.net bat.bing.com cdn.jsdelivr.net cdn.speedcurve.com cdnjs.cloudflare.com cdp.drmax.meiro.io cdp.drmaxro.meiro.io consent.cookiebot.com consentcdn.cookiebot.com dtm-dre.platform.hicloud.com event.2performant.com fledge-eu.creativecdn.com fonts.gstatic.com googleads.g.doubleclick.net image-resizer-svc.drmax-gl.live image-resizer-svc.drmax-gl.space insights.algolia.io js-agent.newrelic.com measurement-api.criteo.com pagead2.googlesyndication.com placement-service.drmax-gl.live placement-service.drmax-gl.space placement-service.drmax.zone rtp.persoo.ai s.yimg.com s.yimg.com scripts.persoo.cz search-service.drmax-gl.space search-service.drmax.zone stats.g.doubleclick.net t.profitshare.ro tags.creativecdn.com td.doubleclick.net tpc.googlesyndication.com unpkg.com www.googleadservices.com/pagea www.googleoptimize.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com ; report-to csp-endpoint; report-uri /_cspreports; img-src * data:; 1 default-src 'self' https://*.soraapp.com https://*.overdrive.com; connect-src 'self' https://*.soraapp.com https://*.overdrive.com https://api.duckduckgo.com https://*.od-cdn.com https://*.cachefly.net; font-src 'self' data:; frame-src 'self' https://*.soraapp.com https://*.google.com; img-src 'self' data: https://*.od-cdn.com https://*.overdrive.com https://duckduckgo.com https://biglibraryread.com; script-src 'nonce-1ce762093e59e9f30c2ff2ca20b74eb5' 'strict-dynamic' 'self' https://*.google.com https//*.gstatic.com; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.google.com; require-trusted-types-for 'script'; frame-ancestors 'self' https://classroom.google.com; trusted-types sanitizer unsafe dompurify scriptHelper 1 object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; base-uri 'none'; frame-ancestors 'self' 1 default-src 'none'; base-uri 'none' ; frame-src 'self' *.unidays.world *.facebook.com *.twitter.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.google.com *.snapchat.com hcaptcha.com *.hcaptcha.com *.hotjar.com *.hotjar.io *.usercentrics.eu *.recaptcha.net;connect-src 'self' *.myunidays.com *.myunidays.com *.adzerk.net https://api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://servedby.flashtalking.com https://ad.doubleclick.net *.tiktok.com *.snapchat.com *.appsflyer.com hcaptcha.com *.hcaptcha.com https://*.eu01.nr-data.net *.usercentrics.eu;font-src 'self' data: https: ; img-src 'self' data: https: *.usercentrics.eu; object-src 'self' *.usercentrics.eu;media-src 'self' *.unidays.world *.googleapis.com *.usercentrics.eu;script-src 'self' https: 'unsafe-inline' 'nonce-3/7LkX/p0ESL+Hg9bi7Bbg==' 'sha256-3ivUKhjrZejaxREEg03/2mH8Q7OwmD2BI1cO4zMMu4g=' 'sha256-swnYD2S3+mg5eUG+ZrxxAe2x8z+BPFsrZJ1loRNz+Nc=' 'sha256-g9OxQphxporGYTZoKLVRyBlw/YE09L1FBbf89tFWWz4=' 'sha256-FIhX+YlCX/mDgfVKSE47aYd0Shmm38UT5k6gKibikZ0=' 'sha256-YaDWSIuM6H64qsjkVQd7wJgx2v1Mq47Fo+j1N6emdo4=' 'sha256-SiSpQtoSm3gYHCiSdO7bIdwk6nuhuKyKx6I638RpVMs=' hcaptcha.com *.hcaptcha.com *.usercentrics.eu;style-src 'self' 'unsafe-inline' https: hcaptcha.com *.hcaptcha.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-HnN_dzd5yCXXnaQI8X5UPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=8t3BkVgJ98hCDz1Qr2_AhMsy0eipQu_kPljeuAbeEGY-1711589288-1.0.1.1-SFXDBmXpZySVHuJUwObxDOJd2J7uO9g2lKnm.Mxcm1UilYzBZBUGO3JZXdwlStR.4g3fwNh9.DTKghV0vt0rIu6gXHkOgQ5C17auj3WWHzmZgI3NrhodgaNxGRYv5GEFsH_zqGa0XJApW_ImevkYsA; report-to cf-csp-endpoint 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www-embed-player.js *.cookiebot.com *.cookiefirst.com *.google-analytics.com www.instagram.com *.facebook.net *.tiktok.com *.ads-twitter.com *.twitter.com lf16-tiktok-web.ttwstatic.com cdn.unibuddy.co *.googletagmanager.com bat.bing.com w.soundcloud.com s.yimg.com sc-static.net snap.licdn.com www.googleadservices.com *.doubleclick.net siteimproveanalytics.com www.youtube.com *.hotjar.com *.linkedin.com service.force.com *.salesforceliveagent.com universityofportsmouth.my.salesforce.com *.formstack.com *.googleapis.com cdn.jsdelivr.net www.google.ie sfapi.formstack.io az416426.vo.msecnd.net discoveruni.gov.uk *.discoveruni.gov.uk *.matterport.com webteamuop.github.io *.port.ac.uk *.secure.force.com portsmouthuni.h5p.com *.go-mpulse.net js-agent.newrelic.com *.algolia.net *.jquery.com bot.ivy.ai bam.nr-data.net *.force.com *.clarity.ms dev.visualwebsiteoptimizer.com artsthread.com tr.snapchat.com tags.srv.stackadapt.com https://rv-vepple-embed.web.app https://builder.lift.acquia.com universityofportsmouth.my.salesforce-sites.com vimeo.com https://player.vimeo.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com universityofportsmouth--chatbotdv2.sandbox.lightning.force.com universityofportsmouth.tfaforms.net; object-src 'none'; style-src 'self' 'unsafe-inline' modernizr.min.js *.googleapis.com platform.twitter.com lf16-tiktok-web.ttwstatic.com *.force.com static.formstack.com formsprod.azureedge.net sfapi.formstack.io port.formstack.com *.cookiefirst.com webteamuop.github.io *.port.ac.uk *.googletagmanager.com artsthread.com tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com universityofportsmouth.my.salesforce-sites.com embed.tawk.to *.tawk.to cdn.jsdelivr.net builder.lift.acquia.com *.formstack.io universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com; img-src 'self' data: *.google-analytics.com i.vimeocdn.com i.ytimg.com *.googletagmanager.com jadserve.postrelease.com bat.bing.com sp.analytics.yahoo.com *.siteimproveanalytics.io *.facebook.com *.facebook.net *.twitter.com t.co *.doubleclick.net googleads.g.doubleclick.net *.linkedin.com uks-prd-xp2-cd.azurewebsites.net ormsprod.azureedge.net port.formstack.com maps.gstatic.com *.googleapis.com lh3.ggpht.com www.google.ie *.cookiefirst.com formsprod.azureedge.net discoveruni.gov.uk *.force.com *.universityofportsmouth.my.salesforce.com *.salesforce.com *.port.ac.uk bot.ivy.ai *.clarity.ms *.bing.com dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com blob: https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com *.frontdoorcdn.formstack.io https://frontdoorcdn.formstack.io images.artsthread.com *.google.co.uk; media-src 'self'; frame-src 'self' player.vimeo.com www.youtube.com *.linkedin.com portsmouthuni.h5p.com w.soundcloud.com viewer.joomag.com *.cookiebot.com www.instagram.com *.facebook.com *.tiktok.com *.twitter.com embed.acast.com unibuddy.co popcard.unibuddy.co tr.snapchat.com *.doubleclick.net view.genial.ly service.force.com *.hotjar.com *.matterport.com webteamuop.github.io universityofportsmouth.force.com *.port.ac.uk *.secure.force.com open.spotify.com *.google.com port.cloud.panopto.eu bot.ivy.ai app.nearpod.com *.visualwebsiteoptimizer.com universityofportsmouth.my.salesforce-sites.com *.tawk.to; frame-ancestors 'self' portsmouthuni.h5p.com; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com use.typekit.net *.modernizr.min.js static.formstack.com fonts.googleapis.com bot.ivy.ai cdn.scite.ai embed.tawk.to *.tawk.to; connect-src 'self' *.google-analytics.com www.googletagmanager.com marketing.port.ac.uk sentry10.bynder.cloud www.ucas.com *.tiktok.com tr.snapchat.com *.doubleclick.net s.yimg.com *.linkedin.com *.secure.force.com sfapi.formstack.io *.googleapis.com *.algolia.net *.cookiefirst.com ohpuem12fk-3.algolianet.com *.facebook.com vc.hotjar.io dc.services.visualstudio.com prod-discoveruni.azure-api.net cdn.linkedin.oribi.io webteamuop.github.io *.algolianet.com *.go-mpulse.net bam.nr-data.net *.akstat.io *.akamaihd.net *.hotjar.com plugin.ucads.ucweb.com *.clarity.ms tags.srv.stackadapt.com *.visualwebsiteoptimizer.com app.vwo.com *.port.ac.uk vimeo.com universityofportsmouth.my.salesforce-sites.com artsthread.com eu.perz-api.cloudservices.acquia.io *.google.com va.tawk.to embed.tawk.to *.tawk.to wss://*.tawk.to insights.algolia.io virtual.port.ac.uk *.virtual.port.ac.uk *.analytics.pangle-ads.com https://api.portsmouth.rvhosted.com eat2mpk5ajg.exactdn.com *.eat2mpk5ajg.exactdn.com https://google.com blob: https://analytics.pangle-ads.com https://egopbtuk8gz.exactdn.com *.egopbtuk8gz.exactdn.com universityofportsmouth--chatbotdv2.sandbox.my.salesforce-sites.com 1 object-src 'none'; script-src 'nonce-ESb0wcqPjbhMi1ukl8tYun7QUpT8/GmVir4b8sib3/c=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self' https://*.qbrick.com/; report-uri /api/csp/report/; report-to csp-endpoint 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com; script-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; style-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com 'unsafe-inline'; report-uri /1/batch/2/OE/mid=AF2M0KC94RCEA:sid=139-3756966-3982824:rid=C04WQSH8SAGPR8873VQC:sn=www.acx.com 1 default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-endpoint.timeinc.net/ 1 object-src 'none';base-uri 'self';script-src 'nonce-XKJiB_6Gstqp7sDFQm6Orw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none'; script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.addtoany.com https://toolassets.haptikapi.com https://unpkg.com mdbootstrap.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maxcdn.bootstrapcdn.com mdbootstrap.com use.fontawesome.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 script-src 'self' 'unsafe-eval' 'sha256-Tzu6+wuu1SjTdVaXJEV6PivtY9mRqZb0xhhm2BLRAOA=' 'sha256-7IyttL+tUqfo+WQfAWL3v6YMknUKo9ajmbpNtuTjMN0=' 'sha256-3hfUlZv/u0yM7A3uB3JvxOvBYAe8qn24uA4O2An1VRY=' 'sha256-MV1RuepqvbyT5NhbRPeSj1juoiQBimzZ/wO2CMs3kus=' 'sha256-ABZr65Zok8xacqLFUeZR+42Msgxys7C+6WB+vtacJb8=' 'sha256-bHVKPlpu6EceFvLitpQwu5mjjCOghOO0EQqqS41Qn6Q=' 'sha256-wxehmTJycT+YLBVHLN3bWj/zTcxemiqmfRQzTQW8ir4=' 'sha256-xCJKn7hMM9SELWl17uBsfarS81wpzMEJEmq9eKBxtzs=' 'sha256-+2rXXU3laxTDtQNsImGyQ1X64rn4ISQLNShnWzx821g=' 'sha256-/J1Ywi0oxHQHCpzRvtKWWe4P+hIt7HcIaSwR9c4c5Rs=' 'sha256-39X4GDwTjoEuiHC/2kJYF7mNFjiDloAgzPDJAZFmXUA=' 'sha256-4H8OjgRPgGcbXIWnunILQFptlaDulDAprEkdWAmd5rs=' 'sha256-6ncdpKw08Cc1EFsSeeLsVjAIaYvgm1rBcI4cNp12+Qw=' 'sha256-7PIxQkJpqFtF3ibD6pIWa3xB9NioZz/ynQRYzL0/GQk=' 'sha256-7gtkfRfWNDeobU0B/hfsPp2BIWvoaQl9Qnyy5LiRnxs=' 'sha256-FCJSELYJJqB55vIG3t/ph5fM8YdnNvdK1wyBgKoLBv8=' 'sha256-FTGWq2sxofS5L8Yq87ilEpDqn9l5NkLK0cc3sd7OvnM=' 'sha256-IHOzCHp//Jl1lFsowvMxAPGD+T7zlnWM2mFk53CcUCQ=' 'sha256-Lbd7CfEvDCWYMyHY0+sXbfaSIJoSyADQN1msRc5GDNI=' 'sha256-UIJOLWy/Osv+QGQ4imdRlRujM6eUI1MSyU7o0yUPUZY=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-av+IGVQJsQwpqceEC0sQFA8e9C8QabH8uLcfyhwM7SQ=' 'sha256-eVK40NIq3UGWc8qEju5kUvLu1HgsUzj88BW49m/q4j0=' 'sha256-ggRYfkK/3LVUNlNZMQmNN9BFxap4CrJfPbtZ6v2xbjo=' 'sha256-grcTsfRWbkeUhSuDjdKCkH5D8wGl/7m/mQ40fxHu0mw=' 'sha256-jFtAwO73SFINACr8TD6icHqaE8VW008cFmXWwD0f9fM=' 'sha256-r217nY7GmxmFONoUAdkKv3HkplOIco6U4dEWu4mrSIs=' 'sha256-u24cgm8XlTjNvJyJKe51ekUDI8IYMtxoJZ/6Obf/+y0=' 'sha256-xGfPUma/ZEUO/hLpxJqIvAXja0IQ6z6bdVSim0NgRs0=' 'report-sample' https://*.doubleclick.net https://*.cdn4.forter.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.nr-data.net https://*.yahoo.com https://api.bounceexchange.com https://assets.bounceexchange.com https://at1.listrakbi.com https://bat.bing.com https://bam.nr-data.net https://cdn.attn.tv https://cdn.browsiprod.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://content.linkedin.com https://cdn.listrakbi.com https://connect.nosto.com https://cdn.roirevolution.com https://f.clarity.ms https://googleads.g.doubleclick.net https://graph.facebook.com https://geoipwebservice.com https://google-analytics.com https://googletagmanager.com https://guarantee-cdn.com https://js.facebook.com https://js-agent.newrelic.com https://platform.linkedin.com https://query.yahooapis.com https://r.bing.com https://r.webeyez.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://services.listrak.com https://s1.listrakbi.com https://s.pinimg.com https://sec.webeyez.com https://s.yimg.com https://tag.bounceexchange.com https://tagmanager.google.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://sdk.helloextend.com/extend-sdk-client/v1/extend-sdk-client.min.js https://cdn1.affirm.com/js/v2/affirm.js https://*.clarity.ms/s/0.6.34/clarity.js;frame-ancestors 'self' *.yahoo.com s.yimg.com;frame-src https://www.affirm.com/ https://creatives.attn.tv/ https://r.webeyez.com/ https://assets.bounceexchange.com/;block-all-mixed-content;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com *.google.com *.bing.com code.jquery.com cdn.jsdelivr.net cdn.listrakbi.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com;base-uri 'self' *.yahoo.com;form-action 'self' *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; report-to default 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.amplitude.com *.ads-twitter.com use.typekit.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.segment.com *.doubleclick.net sc-static.net *.google.com *.gstatic.com *.googlesyndication.com connect.facebook.net js.stripe.com cdn.seon.io www.redditstatic.com analytics.tiktok.com bat.bing.com; font-src 'self' data: fonts.gstatic.com use.typekit.net frontend-assets.sorare.tech frontend-assets.sorare.com frontend-assets.sorare.dev; media-src 'self' *.ctfassets.net frontend-assets.sorare.com frontend-assets.sorare.tech frontend-assets.sorare.dev; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net use.typekit.net use.fontawesome.com blob:; connect-src *; img-src * data:; frame-src *; manifest-src 'self' https://sorare.cloudflareaccess.com; object-src 'none'; worker-src blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-RXvx-4C3i72DIPI3A6WieA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-RbF_bKwc11pXLtf-PQiddg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; connect-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.google.com; img-src 'self' web-analytics.intelliscapesolutions.com; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' donorbox.org web-analytics.intelliscapesolutions.com www.google.com www.gstatic.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' donorbox.org web-analytics.intelliscapesolutions.com www.google.com www.gstatic.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com; report-uri https://intelliscape.report-uri.com/r/d/csp/wizard 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.7-eleven.com bam.nr-data.net collector-pxdr7isq2u.px-cloud.net *.googleapis.com js-agent.newrelic.com nebula-cdn.kampyle.com ka-p.fontawesome.com kit.fontawesome.com www.google.co.in cdn.clarip.com *.doubleclick.net www.google.com.au client.px-cloud.net api.7-eleven.com *.gstatic.com www.googletagmanager.com *.facebook.net analytics.google.com kit-uploads.fontawesome.com apis.7-eleven.com images.contentstack.io region1.analytics.google.com collector-pxdr7isq2u.px-cdn.net collector-pxdr7isq2u.pxchk.net udc-neb.kampyle.com www.youtube.com cdn.contentstack.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-id_Xu2RQXFgA2lbn-0Jt-g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-3ndn9qsJrfdDmNGoQH5Qjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri /csp-violation-report-endpoint.php; report-to csp-endpoint 1 default-src * 'unsafe-inline' 'unsafe-eval';font-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; child-src * 'unsafe-inline' blob:; worker-src * 'unsafe-inline' blob:; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * blob:; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com plugin.handtalk.me *.googleapis.com fonts.cdnfonts.com unpkg.com *.pinimg.com *.tiktok.com *.evergage.com analytics.google.com *.portoseguro.com.br *.visualwebsiteoptimizer.com geolocation-db.com region1.analytics.google.com gc.kis.v2.scr.kaspersky-labs.com wss://127.0.0.1:5901 www.google.pt wss://127.0.0.1:63333 wss://127.0.0.1:2112 cdn.evgnet.com wss://127.0.0.1:5938 static-or02.inbenta.com *.gstatic.com *.facebook.com use.typekit.net wss://127.0.0.1:5950 *.hotjar.com wss://127.0.0.1:6040 www.googleoptimize.com vdo.campanhaporto.com.br www.google.com.br www.youtube.com *.online-metrix.net *.onetrust.com wss://127.0.0.1:5902 *.dynatrace.com s3-sa-east-1.amazonaws.com portoseguro-helpsite-prod.b01.inbenta.services wss://127.0.0.1:3389 www.google-analytics.com wss://127.0.0.1:5279 cdn.inbenta.io barramc.campanhaporto.com.br *.facebook.net rd.afftrack.pro wss://127.0.0.1:5939 wss://127.0.0.1:7070 *.doubleclick.net *.pinterest.com *.omtrdc.net www.googletagmanager.com img.metaffiliation.com wss://127.0.0.1:5903 vc.hotjar.io code.jquery.com wss://127.0.0.1:5931 adservice.google.com api64.ipify.org checkip.amazonaws.com wss://127.0.0.1:6039 popups.rdstation.com.br rum-static.pingdom.net smartbmc.com.br *.googleadservices.com pageview-notify.rdstation.com.br wss://127.0.0.1:5944 wss://127.0.0.1:5900 globalsiteanalytics.com backend-sdk.prod.private.unico.run ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' https:; base-uri https://www.elysee.fr; block-all-mixed-content; child-src *; font-src 'self' data: https://fonts.gstatic.com https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr; form-action 'self'; frame-ancestors 'none'; img-src https://stats.g.doubleclick.net data: https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr https://captcha.liveidentity.com; plugin-types video/*; script-src 'unsafe-inline' https://www.elysee.fr https://isho.elysee.fr https://admin.elysee.fr https://www.elysee.fr; style-src https://fonts.googleapis.com 'unsafe-inline' https://www.elysee.fr https://admin.elysee.fr https://www.elysee.fr 1 object-src 'none';base-uri 'self';script-src 'nonce-Pf6WVIW1HsZM9jLsDCm02g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self' 1 base-uri 'self';connect-src 'self' https://www.google-analytics.com https://*.googleapis.com https://api.rudderlabs.com https://hosted.rudderlabs.com https://rudderstack.taskade.cloud https://api.stripe.com https://checkout.stripe.com https://sentry.io wss: https://cn2bi8ujy8.execute-api.us-east-1.amazonaws.com https://taskade-files.s3.us-east-1.amazonaws.com https://files.taskade.com https://vimeo.com https://fast.wistia.com https://*.loom.com https://companion.taskade.com;default-src 'self';form-action 'self';media-src 'self' https://js.driftqa.com https://files.taskade.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.cloudflare.com https://js.driftt.com https://widget.drift.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://checkout.stripe.com https://js.stripe.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://r.wdfl.co;object-src 'none';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://*.stripe.com https://files.taskade.com https://unpkg.com https://i.ytimg.com https://*.sndcdn.com https://i.vimeocdn.com https://*.wistia.com https://cdn.loom.com https://*.figma.com https://images.typeform.com https://*.whimsical.com https://companion.taskade.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;font-src 'self' data:;frame-src https://js.driftt.com https://widget.drift.com https://checkout.stripe.com https://hooks.stripe.com https://js.stripe.com https://call.taskade.com https://*.youtube.com https://*.soundcloud.com https://player.vimeo.com https://*.loom.com https://*.figma.com https://*.invisionapp.com https://*.typeform.com https://*.whimsical.com;report-uri /webhooks/csp-report;report-to /webhooks/csp-report;frame-ancestors 'none' 1 report-uri /report-violation; form-action 'self' https://*.formlabs.com https://*.marketo.com https://www.facebook.com/tr/; base-uri 'self'; object-src https://formlabs.com https://*.formlabs.com http://localhost:3001; frame-ancestors https://partneruniversity-formlabs.talentlms.com https://university-formlabs.talentlms.com https://internal-formlabs.talentlms.com https://formlabs.com https://*.formlabs.com https://dental.formlabs.com https://careers.formlabs.com http://localhost:3000; upgrade-insecure-requests 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.googletagmanager.com www.deltadental.com www.google-analytics.com *.gstatic.com www.google.com rum.browser-intake-datadoghq.com *.zoho.com locationapi.cdn.pagesense.io lh3.ggpht.com cdn.pagesense.io portal.deltadental.com session-replay.browser-intake-datadoghq.com *.googleapis.com support.deltadental.com static.zohocdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-OlJwxE2vvB7Zs1jYVbc2XA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-a3aoAA8Pc6x9pELHSIoutQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://tags.srv.stackadapt.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.googleoptimize.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.stackadapt.com https://*.facebook.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.com ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 script-src *.digid.nl piwik.dtnr.nl statistiek.mijn.overheid.nl *.obi4wan.com; img-src data: *.digid.nl *.rovid.nl statistiek.mijn.overheid.nl piwik.dtnr.nl *.obi4wan.com; style-src *.digid.nl; default-src 'self' *.digid.nl *.rovid.nl; media-src 'self' rovid.nl *.rovid.nl; connect-src 'self' *.obi4wan.ai; frame-src 'self'; font-src 'self'; report-uri '' 1 object-src 'none';base-uri 'self';script-src 'nonce-QDJeCjii6Dnm3QADpYoQHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; connect-src 'self' data: https://*.typekit.net/ https://*.honeybadger.io https://*.convertkit.com/ https://*.convertexperiments.com/ https://*.profitwell.com https://*.usefathom.com/ https://*.wistia.com/ https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com/mput https://embedwistia-a.akamaihd.net/; font-src 'self' data: https://use.typekit.net; frame-src https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://fast.wistia.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.typekit.net/ https://*.profitwell.com https://*.usefathom.com/ https://*.honeybadger.io/ https://*.convertkit.com/ https://*.convertexperiments.com/ https://gist.github.com https://*.wistia.com https://cdn.syndication.twimg.com https://platform.twitter.com https://fast.wistia.com/ https://identity.netlify.com/v1/netlify-identity-widget.js; style-src 'self' 'unsafe-inline' https://*.typekit.net https://github.githubassets.com/ https://platform.twitter.com https://ton.twimg.com; media-src 'self' data: https://embedwistia-a.akamaihd.net https://*.wistia.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=c2f13350&report_only=true&env=production 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: t.womtp.com *.doubleclick.net ws.walmeric.com *.demdex.net *.facebook.com www.google.com.br analytics.aklamio.com *.googleusercontent.com content.hotjar.io sp.analytics.yahoo.com *.googleapis.com www.googletagmanager.com www.google.com.mx www.google.com.pe livechat-static-vf-es.brandembassy.com bat.bing.com *.gstatic.com *.googlesyndication.com *.tealiumiq.com api.empathy.co *.vodafone.es t.co *.ampproject.org cdn.cookielaw.org www.google.com s.yimg.com *.pinimg.com adservice.google.com 3qas14kvni.execute-api.eu-central-1.amazonaws.com www.google.es ikaue-xpa-gateway-79cv1gog.wm.gateway.dev *.outbrain.com *.tiktok.com *.twitter.com *.facebook.net www.google.co.in www.google.de vc.hotjar.io www.google.com.ar cdn.onlive.site udc-neb.kampyle.com www.google.fr md-scp.kampyle.com www.google.cl tags.tiqcdn.com livechat-loader-vf-es.brandembassy.com analytics.pangle-ads.com *.hotjar.com *.adform.net www.google.ca www.google.ro www.google.ie www.google.com.ec *.omtrdc.net channels-vf-es.brandembassy.com www.google.co.uk nebula-cdn.kampyle.com www.google.co.ve *.vodafone.com www.google.pt *.fastly.net *.eloqua.com *.taboola.com www.google.pl *.ads-twitter.com maps.google.com x.empathy.co track.adform.net google.com img.en25.com wss://chat-gateway-vf-es.brandembassy.com www.google.it *.googleadservices.com www.google.ch www.google.com.tr *.onetrust.com www.google.co.ma server.seadform.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.blogher.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src data: blob: https: gap: gap-iab: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://dailyvoice.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.facebook.net www.youtube.com dispawsusva.inmoment.com static.zip.co *.ameren.com *.gstatic.com s.swiftypecdn.com api.fillr.com search-api.swiftype.com intercept-client.inmoment.com *.facebook.com *.linkedin.com *.googleadservices.com www.google-analytics.com *.licdn.com cc.swiftype.com *.vimeo.com *.doubleclick.net siteintercept.allegiancetech.com www.googletagmanager.com www.google.com adservice.google.com feedback.amerenlistens.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.artforum.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' data:; font-src https: 'self' data:; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.quechoisir.org *.qccdn.fr *.tagcommander.com *.commander1.com *.trustcommander.net *.aticdn.net *.xiti.com *.bing.com *.google.com *.youtube.com *.youtu.be www.youtube-nocookie.com wss://dl1.quechoisir.org wss://dl2.quechoisir.org wss://dl.quechoisir.org upgrade-insecure-requests; report-uri https://www.quechoisir.org/csp-violation-report-endpoint/; report-to csp-endpoint> 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.vibe.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-5JToiyqCFeeyVZ6hAaL5ug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-src 'self' *.one.audi *.doubleclick.net cs.esm1.net di.rlcdn.com insight.adsrvr.org pixall.esm1.net servedby.flashtalking.com service.force.com universal.iperceptions.com *.vwcredit.com *.vwcredit.io *.audifs.com www.google.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-8yiV0RrYqOjTIK7W2l94iw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src * 'unsafe-inline' 'self' https://ajax.googleapis.com/ https://cdn.aliadosporlasalud.com/MX/Salud-Digna/Home/js/owl.carousel.min.js https://cdn.conekta.io/js/latest/conekta.js https://cdn.jsdelivr.net/npm/js-cookie@3.0.1/dist/js.cookie.min.js https://cdn.mouseflow.com/projects/d34f0da7-da31-42cb-a2ea-cdd7b5b7ad16.js https://cdn.socket.io/4.5.0/socket.io.min.js https://cdnjs.cloudflare.com/ajax/libs/Swiper/8.4.4/swiper-bundle.min.js https://connect.facebook.net/signals/config/260859287639784 https://d3fxnri0mz3rya.cloudfront.net/antifraud/key_fNdPxbPkqAt1xF1sYMgQF5w.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/927312241/ https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://script.hotjar.com/modules.f7c079ad889f2e18ab73.js https://sdk.coppelpay.com/coppelpaysdk/CoppelPay.js https://static.hotjar.com/c/hotjar-3464179.js https://stats.g.doubleclick.net/dc.js https://www.clarity.ms/tag/e22cdzfezw https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion/927312241/ https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/QUpyTKFkX5CIV6EF8TFSWEif/recaptcha__es.js https://www.salud-digna.com/resources/header/js/jquery-ui.min.js; style-src 'report-sample' 'unsafe-inline' 'self' https://ajax.googleapis.com https://cdn.aliadosporlasalud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src * 'self' https://analytics.google.com https://api.emarketingsd.org https://bitacora-web.salud-digna.site https://cdn.aliadosporlasalud.com https://devolucion-api.salud-digna.site https://r.clarity.ms https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com.mx wss://burbuja.sdmkt.org; font-src 'self' data: https://cdn.aliadosporlasalud.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src * 'self' https://ssl.kaptcha.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com; img-src * 'unsafe-inline' 'self' https://beta.salud-digna.site https://cdn.aliadosporlasalud.com https://cdn.comunidadsd.org https://googleads.g.doubleclick.net https://salud-digna.com https://salud-digna.online https://sfo2.digitaloceanspaces.com https://sfo3.digitaloceanspaces.com https://ssl.kaptcha.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.com.mx https://www.googletagmanager.com https://www.salud-digna.com; manifest-src 'self'; media-src 'self' https://sd-storage.sfo2.digitaloceanspaces.com; report-uri https://65b7f1e1086f86bedad7bb2c.endpoint.csper.io/?v=0; worker-src 'none'; 1 script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-a93c163f0b8b6247758b23cf' 'strict-dynamic' 'report-sample' https://*.criteo.com https://static.criteo.net https://*.facebook.com https://connect.facebook.net https://*.hotjar.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com songbird.cardinalcommerce.com *.googletagmanager.com ; worker-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; report-uri https://csp.tourradar.com 1 frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'sha256-5s1UCPQTqKWc18lk0CbkMG0IYokX1utP9ZMQQYiuwXk=' 'sha256-G5NvPksjkp09uU+DikUdTcBXp0UV/362J6blwWczw5I=' 'sha256-HLwLpFPvuHKI0X/UFMhOHQNt1eedIdJGTPML3b+GfWo=' 'sha256-MM3CG7szGAeVIKY58JGR+X+7xTDccDemqcIY0lQLrX8=' 'sha256-OifdWXgFw+IPMAs6Nnr1te5UDPoRIbkDLB1lXZmmRP8=' 'sha256-oh6ZTSefRfIBPlcye8dBjlQBkC0A32V1QIb2htJq7ao=' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.containers.piwik.pro https://*.wistia.com https://*.wistia.net https://maps.google.com https://maps.googleapis.com https://src.litix.io https://use.typekit.net; script-src-elem 'self' 'report-sample' https: *.containers.piwik.pro *.wistia.com *.wistia.net maps.google.com maps.googleapis.com src.litix.io use.typekit.net 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.typekit.net fonts.googleapis.com fast.wistia.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' https: blob: *.wistia.net *.wistia.com maps.google.com maps.googleapis.com uwhealth.formstack.com; child-src 'self' blob:; img-src 'self' data: blob: *.wistia.net *.wistia.com *.typekit.net *.gstatic.com *.ggpht.com *.googleapis.com embedwistia-a.akamaihd.net images.ctfassets.net maps.google.com maps.googleapis.com res.cloudinary.com swedishamericanmychart.org i.ytimg.com; font-src 'self' data: *.wistia.net *.wistia.com fonts.googleapis.com fonts.gstatic.com res.cloudinary.com use.typekit.net; connect-src 'self' microservices.uwhealth.dev microservices.uwhealth.org *.wistia.com *.typekit.net *.litix.io *.cloud.coveo.com embedwistia-a.akamaihd.net fonts.googleapis.com fonts.gstatic.com fast.wistia.net images.ctfassets.net maps.google.com maps.googleapis.com noembed.com res.cloudinary.com uwhealth.piwik.pro pnapi.invoca.net; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self' data: blob: *.wistia.net *.wistia.com embedwistia-a.akamaihd.net res.cloudinary.com; prefetch-src 'self'; worker-src 'self' blob:; report-to testing 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/about_youtube 1 font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com seeedstudio.us11.list-manage.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com googleads.g.doubleclick.net *.seeedstudio.com stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com *.taboola.com https://bid.g.doubleclick.net seeedstudio.us11.list-manage.com *.sandbox.braintree-api.com *.paypal.com; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.google.com maps.googleapis.com *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net *.taboola.com seeedstudio.us11.list-manage.com *.seeedstudio.com static-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com *.sandbox.braintree-api.com *.weltpixel.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.seeedstudio.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com maps.googleapis.com *.google.com.tw bat.bing.com *.facebook.com *.linkedin.com disqus.com *.disqus.com *.amazonaws.com *.taboola.com *.scorecardresearch.com *.viglink.com p.adsymptotic.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com static.cloudflareinsights.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com/ *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com bazaar-upgrade.seeed.local bat.bing.com connect.facebook.net snap.licdn.com stats.g.doubleclick.net disqus.com *.disqus.com *.disquscdn.com seeedsite.disqus.com *.taboola.com *.scorecardresearch.com *.seeedstudio.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com *.sandbox.braintree-api.com static.cloudflareinsights.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline *.seeedstudio.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com nwzimg.wezhan.net *.sandbox.braintree-api.com *.paypal.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.seeedstudio.com *.twitter.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net *.facebook.com disqus.com *.disqus.com https://bid.g.doubleclick.net *.taboola.com static-cdn.seeedstudio.com media-cdn.seeedstudio.com relstatic-cdn.seeedstudio.com retcode.alicdn.com arms-retcode.aliyuncs.com/ *.sandbox.braintree-api.com static.cloudflareinsights.com mc.yandex.ru https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to default; 1 font-src *.fontawesome.com *.narvar.com *.narvar.qa *.yotpo.com *.googleapis.com *.gstatic.com *.511tactical.com data: *.dynamicyield.com *.typekit.net assets.bounceexchange.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.yotpo.com *.511tactical.com *.facebook.com api.bounceexchange.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com *.trustpilot.com *.511tactical.com *.doubleclick.net *.facebook.com *.google.com *.vimeo.com *.affirm.com assets.bounceexchange.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.511tactical.com *.facebook.com *.google.com *.gstatic.com via.placeholder.com *.affirm.com *.cookielaw.org *.dynamicyield.com *.riskified.com assets.bounceexchange.com events.bouncex.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.plugins.emarsys.net *.scarabresearch.com accounts.google.com https://api.unifaun.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.yotpo.com *.trustpilot.com *.511tactical.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com player.vimeo.com *.typekit.net *.affirm.com *.datasteam.io *.dynamicyield.com g792337340.co *.riskified.com tag.bounceexchange.com assets.bounceexchange.com api.bounceexchange.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.fontawesome.com accounts.google.com unsafe-inline *.yotpo.com *.googleapis.com *.trustpilot.com *.511tactical.com *.dynamicyield.com *.typekit.net tag.bounceexchange.com assets.bounceexchange.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.scarabresearch.com *.eservice.emarsys.net accounts.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.yotpo.com *.511tactical.com bam.nr-data.net *.doubleclick.net *.google.com *.googleapis.com *.affirm.com *.cookielaw.org *.dynamicyield.com *.facebook.com *.onetrust.com *.riskified.com events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net dfp.bouncex.net perf-api.wknd.ai 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com assets.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-sSdfUT_cHs0BOMTTHo5axw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://www.milestonesys.com/csp/report 1 script-src 'self' https://challenges.cloudflare.com https://hcaptcha.com https://static.cloudflareinsights.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; base-uri 'self'; object-src 'self'; report-uri https://csp.misskey.io/csp-error 1 object-src 'none';base-uri 'self';script-src 'nonce-kB45BEr4SF7lqlSixO5xuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' addtocalendar.com cdn.amcharts.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://script.crazyegg.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io https://unpkg.com; script-src-attr 'self'; style-src 'self' addtocalendar.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stage-unifiedsearch.geapps.io https://unifiedsearch.geapps.io maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1 connect-src analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' wss:;default-src 'self' 'unsafe-inline' wss:;form-action 'self' 'unsafe-inline' wss:;frame-src *.soundcloud.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;img-src *.siteimproveanalytics.io analytics.tiktok.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;object-src 'none';script-src *.googletagmanager.com siteimproveanalytics.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.wearekura.com *.google-analytics.com 'self' 'unsafe-inline' wss: 1 default-src 'self'; connect-src 'self' *.appmaster.io https://analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://api-iam.intercom.io https://forms.hsforms.com https://maps.googleapis.com wss://*.intercom.io https://stats.g.doubleclick.net www.google.com; font-src 'self' data: https: ; img-src 'self' data: blob: https: ; media-src 'self' data: blob: https: ; object-src 'none'; frame-src 'self' *.appmaster.io *.recaptcha.net *.youtube.com widget.canny.io; base-uri 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' *.appmaster.io *.hsforms.net *.intercom.io *.intercomcdn.com https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ *.recaptcha.net *.canny.io; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.appmaster.io https://fonts.googleapis.com; worker-src data: blob:; report-uri https://s.appmaster.io/api/3/security/?sentry_key=f3a1f5e566804120856802b6ba1adda8; report-to apms; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://www.goldderby.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 frame-ancestors 'self' https://stage.lovdata.no https://smia.lovdata.no/ 1 script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sleekplan.com *.mspbackups.com https://unpkg.com/ionicons@4.5.10-0/dist/ionicons/ d1f8f9xcsvx3ha.cloudfront.net posthog.mon.mspbackups.com https://momentjs.com/downloads/moment-timezone-with-data.min.js https://momentjs.com/downloads/moment.js https://code.jquery.com/jquery-3.5.1.min.js https://accounts.google.com/gsi/client https://alcdn.msauth.net/browser/2.28.1/js/msal-browser.min.js; report-uri /csp-violation-report-endpoint/ 1 font-src *.fontawesome.com *.typekit.net https://fonts.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cordialdev.com *.cordial.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.cordialdev.com *.cordial.com *.cordial.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://pay.google.com amc.demdex.net https://photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lightboxcdn.com *.cdn.searchspring.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.cordialdev.com *.cordial.com track.cordial.io s7.addthis.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.searchspring.net https://checkoutshopper-test.adyen.com *.lightboxcdn.com *.attn.tv *.cdn.searchspring.net *.googletagmanager.com https://widgets.turnto.com we.turnto.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.typekit.net *.pay.google.com fonts.googleapis.com/ https://widgets.turnto.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.cordialdev.com *.cordial.com ekr.zdassets.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ws: https://*.a.searchspring.io https://cdn-ws.turnto.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 img-src 'self' data: https: https://*.johnnybet.com/ https://*.johnnybet.com/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://*.johnnybet.com/ https://*.johnnybet.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.johnnybet.com/ https://*.johnnybet.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://mc.yandex.ru/metrika/tag.js https://static.hotjar.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.com/; media-src 'self' https://*.johnnybet.com/ https://*.johnnybet.com/; frame-src 'self' http: https:; manifest-src 'self' https://*.johnnybet.com/ https://*.johnnybet.com/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://mc.yandex.md/ https://mc.yandex.ru/ https://yandexmetrica.com:* https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.com/ 1 report-uri https://mon.tiktokv.com/log/sentry/v2/api/slardar/main/?bid=tiktok_pns&ev_type=csp&revision=308469a3-2dcb-4f15-b24c-6b6c3cf4b827;report-to csp-endpoint;script-src 'unsafe-eval' s20.tiktokcdn.com sf16-website-login.neutral.ttwstatic.com sf16-website.neutral.ttwstatic.com;worker-src https: 1 frame-ancestors 'self' https://*.mastercontrol.com mastercontrol.service-now.com; object-src 'none'; form-action 'self' https://*.mastercontrol.com *.rise.com *.service-now.com mastercontrol.influitive.com gateway.zscloud.net mastercontrol.uservoice.com https://*.facebook.com https://connect.facebook.net; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1 default-src 'self'; script-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; script-src-elem 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' http://static.ads-twitter.com https://sc.lfeeder.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://tagmanager.google.com https://www.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; img-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://www.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://*.clearbitjs.com https://*.hsforms.net https://*.adsymptotic.com https://*.linkedin.com https://*.lfeeder.com https://*.cloudfront.net https://track.hubspot.com https://q.quora.com https://*.sa-as.com https://*.reddit.com https://*.bing.com; connect-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://cs.lf-discover.com wss://visitors.live wss://in.visitors.live https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.leadinfo.net https://d.adroll.com https://*.clarity.ms https://*.crazyegg.com https://*.luckyorange.net https://*.hubapi.com https://*.hubspot.com https://*.hsforms.com https://minio.ghost.io; style-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://*.cloudfront.net http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://fonts.gstatic.com; object-src 'none'; media-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://*.cloudfront.net; frame-src 'self' 'nonce-ab40dfb05b8d59dba871746f525a5a2c99b01c5c82a14be969f7ae45f5591996' https://bid.g.doubleclick.net https://www.google.com/ https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.ioframe-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io 1 object-src 'none';base-uri 'self';script-src 'nonce-LVRMeft9pDmQSqldtfbSAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'report-sample' 'self' https://cdn.hu-manity.co/hu-banner.min.js https://kit.fontawesome.com/d44fbdfc72.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js https://www.youtube.com/iframe_api; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://designer-api.hu-manity.co https://ka-p.fontawesome.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://transactional-api.hu-manity.co https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data: https://i.ytimg.com https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self'; report-uri https://yp41w10j.uriports.com/reports/report; report-to default; worker-src 'none'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.fico.com c.cintnetworks.com cmp.osano.com ficodotcom.prod.acquia-sites.com *.gstatic.com www.googletagmanager.com media-s3-us-east-1.ceros.com wec-assets.terminus.services bam.nr-data.net www.google-analytics.com cdn.jsdelivr.net js-agent.newrelic.com js.driftt.com content.fico.com pi.pardot.com consent.api.osano.com cdn.commento.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src data: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://kontur.ru/csp 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data: ; report-uri https://booklog.report-uri.io/r/default/csp/reportOnly 1 default-src 'self' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://js.stripe.com/v3/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://api.sardine.ai https://static.zdassets.com/ https://ekr.zdassets https://ekr.zendesk.com https://*.zopim.com wss://demonifty.zendesk.com wss://*.zopim.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://edge.fullstory.com/s/ https://static.ads-twitter.com/uwt.js https://sc-static.net/ https://googleads.g.doubleclick.net/ https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://api.dev.sardine.ai https://edge.fullstory.com https://js.stripe.com/v3/ https://www.googletagmanager.com/gtag/js https://connect.facebook.net https://static.ads-twitter.com/uwt.js https://sc-static.net/scevent.min.js https://www.google.com/recaptcha/ https://static.zdassets.com/ https://www.gstatic.com/recaptcha/ https://tr.snapchat.com/ https://www.google-analytics.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.sardine.ai https://unpkg.com/@google/model-viewer/dist/model-viewer.min.js https://www.youtube.com https://www.googleoptimize.com; img-src https: blob: data:; connect-src https://api.niftygateway.com https://odysseymarket.niftygateway.com https://api.sandbox.niftygateway.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://www.google-analytics.com https://api-js.mixpanel.com ​https://www.clarity.ms wss://widget-mediator.zopim.com https://nifty-qa100.service.aws-qa.sd.gem.link https://demonifty.zendesk.com https://ekr.zdassets.com https://encrypted-tbn0.gstatic.com/images https://lh3.googleusercontent.com https://tr.snapchat.com https://eth-goerli.alchemyapi.io https://search-api-staging.s-niftygateway-001-use1.svc.gem.link https://search-api.niftygateway.com https://search-api-dev.d-niftygateway-001-use1.svc.gem.link https://ipfs.io https://rs.fullstory.com https://session-replay.browser-intake-datadoghq.com https://eth-mainnet.alchemyapi.io https://api.cloudinary.com/v1_1/nifty_gateway/auto/upload https://api.pinata.cloud/pinning/pinFileToIPFS https://openseauserdata.com https://rum.browser-intake-datadoghq.com https://api.x.immutable.com https://i.seadn.io https://cdn.optimizely.com https://img.seadn.io https://storage.opensea.io https://api.opensea.io; font-src https://fonts.gstatic.com https://use.typekit.net/ 'self'; object-src 'self'; media-src https://media.niftygateway.com https://static.zdassets.com https://openseauserdata.com https://storage.opensea.io https://res.cloudinary.com; frame-src https://js.stripe.com/v3/ https://www.google.com https://api.sardine.ai https://api.dev.sardine.ai https://tr.snapchat.com/ https://www.youtube.com; frame-ancestors 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wa.appsflyer.com www.ze.delivery *.tiktok.com *.googleapis.com ze.delivery web-sdk-cdn.singular.net auth.split.io api.ze.delivery cdn.cookielaw.org *.facebook.com *.gstatic.com streaming.split.io use.typekit.net docs.google.com *.doubleclick.net api.club.zedelivery.in www.google.com *.onetrust.com tt-10943-6.seg.t.tailtarget.com adservice.google.com *.googleadservices.com *.amazoncognito.com img.saveur-biere.com sdk-api-v1.singular.net www.google.com.br *.mathtag.com *.hotjar.com tags.t.tailtarget.com d.tailtarget.com vc.hotjar.io *.imgix.net t.tailtarget.com wa.onelink.me analytics.google.com websdk.appsflyer.com *.facebook.net b.t.tailtarget.com sdk.split.io tags.w55c.net www.googletagmanager.com events.split.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-src https://www.facebook.com https://go.nexon.com.au *.google.com; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.davivienda.com www.google.com.au www.googletagmanager.com www.google.ca *.googleapis.com www.google.ae *.bluekai.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com www.google.com.mt www.google.co.ve www.google.com.mx www.google.com.gt 1.c81358859121583b7adf2ace89cb39f44.com prod.daviviendaapp.com ponos.zeronaught.com apps.mypurecloud.com *.eloqua.com www.google-analytics.com www.google.pl www.google.nl 1.b406929acabac9b095f124c81bdfcf57f.com www.google.com.ec www.google.ch www.google.com.br www.google.pt www.google.cl www.google.com.pe www.google.it www.google.fr www.google.com.co www.google.com.do cobrowse.mypurecloud.com img03.en25.com cdn.megabonus.com tags.bkrtx.com *.gstatic.com www.google.be *.doubleclick.net *.facebook.net www.google.es region1.google-analytics.com www.google.com region1.analytics.google.com analytics.google.com cdn.jsdelivr.net cdn.scite.ai adservice.google.com overbridgenet.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.oreo.com *.onetrust.com *.typekit.net *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.s3.amazonaws.com *.doogma.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.snapchat.com *.bolt.com *.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.sandbox.paypal.com *.paypal.com *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.twitter.com *.doubleclick.net *.snapchat.com *.sandbox.paypal.com *.kaptcha.com *.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.gstatic.com *.facebook.com *.oreo.com *.cloudfront.net *.lytics.io 'self' blob: *.typekit.net *.cloudflare.com *.twitter.com *.google.com *.twimg.com *.amazonaws.com *.klarna.com *.googleadservices.com *.ytimg.com *.google.co.in *.doogma.com *.doubleclick.net *.channels.magento.com *.asc-stage-magento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.klaviyo.com *.polyfill.io acsbap.com acsbapp.com *.inspectlet.com *.onetrust.com click2cart.co *.typekit.net *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.doogma.com *.lytics.io *.tiktok.com *.amazonaws.com *.googleadservices.com *.cardinalcommerce.com *.asc-stage-magento.com *.channels.magento.com *.magento-ds.com *.sandbox.paypal.com *.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.klaviyo.com *.onetrust.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.doogma.com *.lytics.io *.amazonaws.com *.usercentrics.eu *.typekit.net *.promo.eprize.com *.myfonts.net *.merkleinc.com *.asc-stage-magento.com *.channels.magento.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.inspectlet.com *.acsbapp.com *.onetrust.com *.cloudflare.com *.googleapis.com *.twitter.com *.klaviyo.com/ *.doogma.com *.doubleclick.net *.snapchat.com *.asc-stage-magento.com *.channels.magento.com *.adobe.io *.sentry.io *.sandbox.paypal.com *.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-BPsXd4YEQPeslK1I5Ysrwg==' 'strict-dynamic'; connect-src 'self' *.ayvens.com *.leaseplan.com edge.adobedc.net ad.doubleclick.net adservice.google.com api.realytics.io api.rudderlabs.com bat.bing.com bis.blastingnews.com browser-http-intake.logs.datadoghq.eu *.browser-intake-datadoghq.eu cdn.cookielaw.org cdn.imagin.studio cdn.linkedin.oribi.io content.hotjar.io csmetrics.hotjar.com geolocation.onetrust.com *.clarity.ms in.hotjar.com leaseplan-dataplane.rudderstack.com m.realytics.io optanon.blob.core.windows.net privacyportal-de.onetrust.com region1.google-analytics.com s.yimg.com sentry-proxy.hotjar.com service.giosg.com settings.luckyorange.net sst.leaseplan.com stats.g.doubleclick.net surveystats.hotjar.io vc.hotjar.io www.facebook.com www.google-analytics.com www.google.com www.leaseplan.it; img-src 'self' data: ad.doubleclick.net bat.bing.com *.clarity.ms cdn.cookielaw.org cdn.imagin.studio i.ytimg.com idt9rpjm7d.execute-api.eu-west-1.amazonaws.com img.youtube.com p1.zemanta.com px.ads.linkedin.com script.hotjar.com tracking.adstrategysites.com tracking.audio.thisisdax.com translate.google.com www.drive.leaseplan.pt www.facebook.com www.google-analytics.com www.google.com www.google.cz www.google.de www.googletagmanager.com www.gstatic.com www.leaseplan.it; media-src 'self' *.leaseplandigital.com www.leaseplanbrand.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org maxcdn.bootstrapcdn.com translate.googleapis.com www.leaseplan.it; frame-src 'self' *.leaseplan.com player.vimeo.com www.youtube.com www.youtube-nocookie.com https://map.openchargemap.io widget.klantenthousiasme.nl; font-src 'self' *.leaseplancdn.com; object-src 'none'; base-uri 'none'; 1 default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com fonts.gstatic.com *.fontawesome.com *.aspnetcdn.com *.jsdelivr.net *.googletagmanager.com; img-src * data: *.wistia.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.hsforms.com *.agencybloc.com *.spinutech.com https://www.facebook.com/tr/; base-uri 'self'; media-src s3.amazonaws.com blob: *.wistia.com *.wistia.net; report-uri /csp/; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; report-to default; 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tvsquared.com *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.teads.tv https://*.taboola.com https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://www.googleoptimize.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.tvsquared.com *.taboola.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.yimg.com https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://www.google.com.cy https://*.googleapis.com https://stackadapt.com https://*.doubleclick.net https://pagead2.googlesyndication.com https://*.clarity.ms https://collect.worldoftanks.eu ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.de ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.de *.spreadshirt.de ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.de ; font-src 'self' https: data: *.spreadshirt.de ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.de ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.de ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 connect-src 'self' data: *.amazonaws.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googleapis.com *.gstatic.com *.masonline.id *.nr-data.net *.stockbit.com *.tiktok.com *.youtube.com wss://*.crisp.chat wss://*.stockbit.com analytics.google.com api.trongrid.io cdnma.cdnservice.space client.crisp.chat www.google.co.id; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockbit.com analytics.tiktok.com apis.google.com app.midtrans.com bam.nr-data.net client.crisp.chat connect.facebook.net d2r1yp2w7bby2u.cloudfront.net js-agent.newrelic.com midtrans.com nr-data.net sg1.wzrkt.com www.google-analytics.com www.google.com/recaptcha/api.js www.googletagmanager.com www.gstatic.com/firebasejs/ www.gstatic.com/recaptcha/ www.youtube.com/iframe_api www.youtube.com/s/player/ ssl.google-analytics.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.cloudfront.net assets-nextjs.stockbit.com client.crisp.chat translate.googleapis.com; object-src 'none'; media-src 'self' assets-nextjs.stockbit.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1d9a1c8916e2bfd1c2dbec72dd1a5283&dd-evp-origin=content-security-policy&ddsource=csp-report; 1 font-src *.fontawesome.com data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com use.typekit.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com *.surveymonkey.com *.criteo.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss: bat.bing.com *.force.com *.tiktok.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties *.criteo.com *.onetrust.com *.pangle-ads.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-oLAnRHd-m4yObplJcPqRJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.gstatic.com *.googleapis.com *.google.com *.google.co.jp *.google-analytics.com *.googlesyndication.com *.g.doubleclick.net *.facebook.com platform.twitter.com www.paydesign.jp www.e-scott.jp reserva.be *.reserva.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.google.com *.google.co.jp *.googleapis.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com tagmanager.google.com s.yimg.jp *.yahoo.co.jp connect.facebook.net *.twitter.com *.ads-twitter.com *.a8.net *.atown.jp *.felmat.net a.o2u.jp beacon.digima.com cmkt.jp beacon.digima.com d.line-scdn.net in.treasuredata.com js.fout.jp js.ptengine.jp kitchen.juicer.cc static.criteo.net sslwidget.criteo.com sync.im-apps.net *.socdm.com af.tosho-trading.co.jp cdn.audiencedata.net cdn.smartnews-ads.com cdn.treasuredata.com js.crossees.com s.dc-tag.jp tags.bkrtx.com www.paydesign.jp www.e-scott.jp; style-src 'self' 'unsafe-inline' *.googleapis.com fonts.gstatic.com www.paydesign.jp www.e-scott.jp; img-src 'self' *.google.com *.google.co.jp googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.facebook.com *.yahoo.co.jp a.ddli.jp a.o2u.jp b.audiencedata.net cnt.fout.jp cm.g.doubleclick.net i.smartnews-ads.com in.treasuredata.com t.co tags.bluekai.com tg.socdm.com data: ; font-src 'self' *.googleapis.com www.paydesign.jp www.e-scott.jp fonts.gstatic.com data: ; report-uri https://cts.reserva.be/csp-report ; 1 font-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com *.hotjar.com oppwa.com *.oppwa.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com oppwa.com *.oppwa.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.awin1.com *.zenaps.com *.fls.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com *.cookiebot.com www.youtube.com vars.hotjar.com oppwa.com *.oppwa.com *.adventr.io *.mainadv.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.awin1.com *.zenaps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com pls.webtype.com www.w3.org data: www.google.com www.google.de www.google.com.ua googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com *.ytimg.com bat.bing.com head.locally.com *.hotjar.com img.youtube.com *.oppwa.com oppwa.com *.ometria.com *.crobox.io *.crobox.com https://a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com www.google-analytics.com www.youtube.com *.adyen.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com js-agent.newrelic.com bam.nr-data.net www.google.com *.googleapis.com *.scarabresearch.com head.locally.com bat.bing.com hit.uptrendsdata.com/ static.hotjar.com script.hotjar.com www.googleadservices.com *.cookiebot.com connect.getflowbox.com www.gstatic.com *.abtasty.com *.oppwa.com oppwa.com *.ometria.com *.upsellit.com *.crobox.io https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com cloud.webtype.com use.fontawesome.com oppwa.com *.oppwa.com *.typenetwork.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com https://the.sciencebehindecommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com bam.nr-data.net webchannel-content.eservice.emarsys.net recommender-eu.scarabresearch.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com oppwa.com *.oppwa.com hit.uptrendsdata.com/ *.abtasty.com *.paypal.com https://static.klaviyo.com https://fast.a.klaviyo.com *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src *.head.com *.head-test.com *.zoggs.com *.zoggs-test.com *.mares.com *.mares-test.com *.tyrolia.com *.tyrolia-test.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-ZerbswHaChP8povC53HuYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ZNJQFrzyFn9fZLz0JjXLZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.akamaihd.net onetag-sys.com mp.4dex.io *.rubiconproject.com www.coursehero.com seal.digicert.com *.criteo.com *.googlesyndication.com *.dotomi.com cdn.confiant-integrations.net api.rollbar.com cdn.jsdelivr.net rules.quantcount.com assets.coursehero.com tlx.3lift.com api.attentionxyz.com *.amazon-adsystem.com conf.lngtd.com btlr.sharethrough.com *.adsafeprotected.com bam.nr-data.net exchange.postrelease.com www.symbolab.com accounts.google.com ads.stickyadstv.com ice.360yield.com *.doubleverify.com hbopenbid.pubmatic.com longitudeads-com.videoplayerhub.com *.onetrust.com *.bidswitch.net protected-by.clarium.io cdn.id5-sync.com ib.adnxs.com *.openx.net *.gstatic.com prebid.media.net acdn.adnxs.com *.doubleclick.net rp.liadm.com *.ampproject.org ats.rlcdn.com www.recaptcha.net g2.gumgum.com www.google-analytics.com cadmus.script.ac c.gumgum.com pixel.quantserve.com cdn.cookielaw.org contextual.media.net *.moatpixel.com js-agent.newrelic.com script.4dex.io secure.quantserve.com api.amplitude.com www.google.com px.moatads.com s.lngtdv.com *.adsrvr.org lb.eu-1-id5-sync.com api.btloader.com cdnjs.cloudflare.com www.googletagmanager.com geo.privacymanager.io secure.cdn.fastclick.net *.criteo.net lngtd.com ad-delivery.net ads.pubmatic.com js.recurly.com c.4dex.io cdn.amplitude.com lexicon.33across.com it.lngtd.com idx.liadm.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.linkedin.com www.parentpay.com js.hsleadflows.net *.hubspot.com js.hs-banner.com cdn.cookielaw.org www.google.co.uk *.gstatic.com okt.to region1.analytics.google.com www.google.com js.hsadspixel.net www.googletagmanager.com api.hubapi.com *.licdn.com js.hs-scripts.com app.parentpay.com *.onetrust.com region1.google-analytics.com js-na1.hs-scripts.com *.doubleclick.net analytics.google.com js.usemessages.com www.google.im maxcdn.bootstrapcdn.com static.oktopost.com js.hs-analytics.net *.googleapis.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.statssa.gov.za *.gstatic.com www.youtube.com www.googletagmanager.com *.googleapis.com *.doubleclick.net region1.google-analytics.com ssl.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors 'self' https://mob.primericaonline.com https://*.primericaonline.com 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.adroll.com www.google.fr *.googleapis.com www.youtube.com www.googletagmanager.com *.gstatic.com www.google.com.eg www.google.com ipv6.6sc.co www.google.com.np www.google.co.in www.google.co.jp analytics.google.com secure.gravatar.com www.google.co.kr www.google.com.sa bam.nr-data.net www.google.com.ng www.google.com.mx cdn.bizible.com www.google.de js-agent.newrelic.com cdn.bizibly.com *.doubleclick.net www.google.co.za *.imperva.com www.brighttalk.com jscloud.net www.google.se www.google.com.my c.6sc.co www.google.co.ke www.google.com.vn *.optimizely.com www.google.com.tr www.google.com.tw www.google.com.gh gc.kis.v2.scr.kaspersky-labs.com www.google.pl edge.fullstory.com www.google.com.ua cdn.cookielaw.org www.google.nl imperva.piwik.pro www.google.com.pk www.google.ae www.google.com.bd www.google.com.hk www.google.es imperva.containers.piwik.pro www.google.ie www.google.ca j.6sc.co www.google.lk www.google.com.co region1.analytics.google.com *.onetrust.com www.google.co.uk www.google.it adservice.google.com b.6sc.co www.google-analytics.com www.google.com.sg www.google.com.et www.google.co.id rs.fullstory.com www.google.co.il munchkin.marketo.net *.mktoresp.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.gstatic.com use.typekit.net *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com yotpo-stool.s3.amazonaws.com *.cloudflare.com *.googleapis.com www.google-analytics.com *.gstatic.com *.twitter.com *.typekit.net *.twimg.com *.yotpo.com 'self' data: *.bounceexchange.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.bounceexchange.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com *.barbour.com *.jbs-uat.com admin.barbour.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.youtube.com *.hotjar.com *.hotjar.io *.vimeo.com *.google.com *.paypal.com *.bounceexchange.com *.doubleclick.net *.pinterest.com *.facebook.com *.yotpo.com *.addthis.com *.dotmailer-surveys.com *.barbour.com *.jbs-uat.com admin.barbour.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com p.typekit.net s.ytimg.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.postcodeanywhere.co.uk *.cloudflare.com *.google.com *.google.co.uk maps.gstatic.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.yotpo.com yotpo-stool.s3.amazonaws.com https://yotpo-editor-production.s3.amazonaws.com *.doubleclick.net *.curalate.com wf1.mywebdata.co.uk *.bounceexchange.com *.bouncex.net *.paypal.com *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net *.klarna.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.barbour.com *.jbs-uat.com admin.barbour.com *.pinterest.com *.unpkg.com *.qubitproducts.com *.qubit.com *.gstatic.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.youtube.com *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.postcodeanywhere.co.uk *.bugherd.com *.cloudflare.com *.pcapredict.com acsbapp.com *.cloudflareinsights.com analytics.tiktok.com *.google.com *.gstatic.com *.google-analytics.com *.twimg.com *.paypal.com *.googletagmanager.com *.googleapis.com *.twitter.com *.yotpo.com js-agent.newrelic.com *.nr-data.net *.doubleclick.net *.hotjar.com *.hotjar.io www.bugherd.com *.iubenda.com *.iesnare.com *.newrelic.com s.pinimg.com wf1.mywebdata.co.uk *.pingdom.net *.bounceexchange.com *.curalate.com *.goqubit.com js.facebook.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addthis.com *.moatads.com *.addthisedge.com *.dotmailer-surveys.com *.klarnaservices.com *.barbour.com *.jbs-uat.com admin.barbour.com 'unsafe-inline' data: *.bing.com *.wknd.ai https://www.googletagmanager.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com 'unsafe-inline' data: *.twitter.com *.typekit.net *.yotpo.com *.twimg.com *.postcodeanywhere.co.uk *.bounceexchange.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.klarnacdn.net *.barbour.com *.jbs-uat.com admin.barbour.com *.unpkg.com *.qubitproducts.com tagmanager.google.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iesnare.com *.cdnwidget.com *.barbour.com *.jbs-uat.com admin.barbour.com *.pinterest.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com *.adobe.io performance.typekit.net *.adyen.com *.sharethis.com *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.postcodeanywhere.co.uk *.acsbapp.com *.cloudflare.com *.google-analytics.com *.google.com *.googlesyndication.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com *.nr-data.net *.doubleclick.net analytics.tiktok.com *.hotjar.com *.hotjar.io wss://mpsnare.iesnare.com *.mpsnare.iesnare.com *.iubenda.com *.curalate.com *.qubit.com *.pingdom.net *.qubitproducts.com *.pinterest.com *.facebook.com *.barbour.com *.jbs-uat.com admin.barbour.com *.unpkg.com *.bouncex.net *.bounceexchange.com *.cdnwidget.com *.cdnbasket.net https://www.google-analytics.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src *.salesforce-sites.com *.salesforce.com *.force.com *.salesforceliveagent.com *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.forbes.pl::PROD_USP 1 object-src 'none'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1 object-src 'none';base-uri 'self';script-src 'nonce-kk41XxTaQAz7ks0I_uK2OA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri /csp-log.php; report-to csp-log-endpoint; default-src 'none'; img-src 'self' data: https://werbung.leipzig.de/ https://data.leipzig.de/ https://static.leipzig.de/ https://www.gstatic.com/images/; script-src 'self' 'unsafe-inline' https://www.leipzig.de/ https://static.leipzig.de/ https://werbung.leipzig.de/delivery/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://chatbot115.km.usu.com/kfirst-widget/js/ https://dev.lehst.de/; style-src 'self' 'unsafe-inline' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player/styles/ https://chatbot115.km.usu.com/kfirst-widget/css/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://dev.lehst.de/; font-src 'self' https://static.leipzig.de/ https://chatbot115.km.usu.com/kfirst-widget/vendor/ https://fonts.gstatic.com/; media-src 'self' https://static.leipzig.de/ https://vrweb15.linguatec.org/VoiceReaderWeb15User/player20/scripts/; connect-src 'self' https://vrweb15.linguatec.org/VoiceReaderWeb15WebService/ https://dev.lehst.de/ https://chatbot115.km.usu.com/kfirst-widget/api/ https://chatbot115.km.usu.com/kfirst-widget/icons/ https://www.leipzig.de/; frame-src https://www.youtube-nocookie.com/embed/ https://chatbot115.km.usu.com/ https://tnv.leipzig.de https://s-leipzig.maps.arcgis.com https://geoportal.leipzig.de https://www.blitzvideoserver.de https://tportal.toubiz.de https://kwis-web.leipzig.de; 1 default-src https: 'unsafe-inline' 'unsafe-eval' ; frame-src https://* about: javascript: ; img-src https://* data: ; report-to vkpay-csp-endpoint ; report-uri https://cspreport.mail.ru/vkpay?disposition=report 1 default-src 'self' www.youtube.com *.stripe.com *.addthis.com; script-src 'self' assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.stripe.com apis.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com https://cdnjs.cloudflare.com/ajax/libs/lamejs/1.2.0/lame.min.js; script-src-elem assets.sutori.com *.twitter.com *.twimg.com 'unsafe-inline' *.googletagmanager.com *.stripe.com https://apis.google.com/ accounts.google.com 'unsafe-eval' maps.googleapis.com *.crisp.chat *.crisp.im www.youtube.com *.ytimg.com *.addthis.com *.addthisedge.com data: z.moatads.com *.pinterest.com *.iubenda.com cdn.thinglink.me http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js https://www.thinglink.com *.instagram.com connect.facebook.net *.imgur.com *.flickr.com blob: cdn.headwayapp.co risk.clearbit.com teams.microsoft.com play.vidyard.com challenges.cloudflare.com; worker-src blob:; font-src 'self' data: assets.sutori.com fonts.gstatic.com https://client.crisp.chat; connect-src 'self' https://www.googleapis.com wss://www.sutori.com assets.sutori.com s3.amazonaws.com/assets.sutori.com *.google-analytics.com *.stripe.com accounts.google.com maps.googleapis.com api.amplitude.com wss://*.crisp.chat https://*.crisp.chat *.addthis.com https://syndication.twitter.com/settings https://*.wikipedia.org geo.query.yahoo.com *.flickr.com api.unsplash.com risk.clearbit.com login.microsoftonline.com blob:; img-src 'self' data: * maps.googleapis.com https://maps.gstatic.com/mapfiles/api-3/images/ https://csi.gstatic.com/ https://i.ytimg.com *.addthis.com *.pinterest.com *.iubenda.com; style-src 'self' assets.sutori.com platform.twitter.com 'unsafe-inline' accounts.google.com *.googleapis.com https://client.crisp.chat *.iubenda.com cdn.thinglink.me https://ton.twimg.com cdn.headwayapp.co; media-src 'self' assets.sutori.com https://client.crisp.chat blob:; child-src 'self' * https://www.sutori.com *.stripe.com https://www.google.com/ https://www.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ *.addthis.com *.pinterest.com blob:; manifest-src assets.sutori.com; 1 default-src *.kuajingmaihuo.com *.cdnfe.com wss://seller.kuajingmaihuo.com blob: data: 'unsafe-eval' 'unsafe-inline';report-uri /api/sec-csp/110000010/report 1 default-src 'self' *.relay42.com 6162542.fls.doubleclick.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.centraalbeheer.nl *.doubleclick.net *.facebook.net *.google.com *.googlesyndication.com *.hs-scripts.com *.linkedin.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net js.monitor.azure.com js.usemessages.com maps.googleapis.com player.quadia.net r.bing.com snap.licdn.com static.cloud.coveo.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com www.google-analytics.com www.googleadservices.com www.youtube.com www.zenaps.com www.awin1.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com;img-src 'self' data: *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.svtrd.com *.usabilla.com adservice.google.com adservice.google.nl bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net clients1.google.com d6tizftlrpuof.cloudfront.net forms.hubspot.com https://www.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com optimize.google.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com server.arcgisonline.com track.hubspot.com www.advieskeuze.nl www.awin1.com www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com www.zenaps.com https://i.ytimg.com;font-src 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.hubapi.com *.nxtid.nl api.advieskeuze.nl api.hsforms.com api.hubspot.com api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com forms.hubspot.com formulier.centraalbeheer.nl geocode.arcgis.com k-aeu1.contentsquare.net l.contentsquare.net maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com surfly.com t.svtrd.com wss://bat.bing.com www.google-analytics.com www.google.com *.service.signalr.net wss://*.service.signalr.net adservice.google.com adservice.google.nl px.ads.linkedin.com;media-src 'self';object-src 'self';child-src 'self' blob: youtube.com *.doubleclick.net t.svtrd.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;manifest-src 'self';report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1 base-uri 'none'; default-src 'none'; style-src 'self' 'unsafe-inline' https://music-bandlink.s3.yandex.net https://ticketscloud.com; script-src 'sha256-/aSFeaaNLwe2p05CXmjrjDdTjRF5kF8ag4T4gOkbxv8=' 'nonce-a291e6af0a6e0694e601e80cfed7090a1e29009d6af7f22775a0605b638fc8ed' 'self' https://api.band.link https://music-bandlink.s3.yandex.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://googleads.g.doubleclick.net https://connect.facebook.net https://analytics.tiktok.com https://vk.com https://top-fwz1.mail.ru https://static.tildacdn.com https://ticketscloud.com https://music-bandlink.s3.yandex.net https://music-bandlink-qa.s3.yandex.net https://bandlink.radario.ru https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; connect-src 'self' https://api.band.link https://music-bandlink.s3.yandex.net https://www.google-analytics.com https://adservice.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://analytics.google.com https://analytics.tiktok.com https://login.vk.com https://top-fwz1.mail.ru https://stat.tildacdn.com https://ticketscloud.com https://api.music.apple.com https://mc.admetrica.ru https://yandexmetrica.com:* https://api.qa.bandlink.yandex-team.ru https://new.api.band.link https://music-bandlink-radar.qa.in.yandex-team.ru https://music-bandlink-radar.stable.in.yandex-team.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; img-src 'self' https://api.band.link https://music-bandlink.s3.yandex.net data: https://analytics.tiktok.com https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://*.userapi.com https://*.mzstatic.com https://*.cdninstagram.com https://*.fbcdn.net https://*.ytimg.com https://i.mycdn.me https://i.scdn.co e-cdn-images.dzcdn.net https://img.youtube.com https://www.google.ru https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://yastatic.net https://avatars.yandex.net https://mc.admetrica.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org; media-src 'self' https://api.band.link https://music-bandlink.s3.yandex.net https://audio-ssl.itunes.apple.com https://video-ssl.itunes.apple.com; frame-src https://frame-analytics.band.link https://www.facebook.com blob: bytedance: sslocal: https://mc.yandex.ru https://mc.yandex.md https://music.yandex.ru https://ticketscloud.com https://www.youtube.com https://youtube.com https://w.soundcloud.com https://www.google.com; font-src 'self' https://static.tildacdn.com yastatic.net; manifest-src 'self'; report-uri https://csp.yandex.net/csp?project=bandlink&from=band.link 1 default-src https: wss: blob:; connect-src https: wss: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' blob:; img-src https: data: blob:; font-src https: data: blob:; object-src https: data:; media-src https: data: blob:; frame-ancestors 'none'; report-uri /security/csp_violations 1 : default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' 1 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com *.core.windows.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.olaelectric.com *.olacabs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com cdn.moengage.com *.book.olaelectric.com *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.magezon.com *.core.windows.net d34kmefuuy0be0.cloudfront.net evprodcdn.blob.core.windows.net *.olaelectric.com 'self' *.cloudfront.net *.olacabs.com *.azureedge.net *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com cdn.olaelectric.com *.cloudinary.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.licdn.com *.ads-twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.core.windows.net unpkg.com *.olaelectric.com *.blob.core.windows.net *.unpkg.com cdn.moengage.com *.highcharts.com cdn.olaelectric.com *.cloudinary.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net unsafe-inline *.core.windows.net *.google.com unpkg.com *.olaelectric.com *.cloudinary.com *.cdn.olaelectric.com *.ev.corp.olaelectric.com 'self' 'unsafe-inline'; object-src *.cloudinary.com *.cdn.olaelectric.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.cloudfront.net *.core.windows.net 'self' *.azureedge.net *.olacabs.com *.stg.corp.olacabs.com *.corp.olacabs.com *.blob.core.windows.net *.ev-discovery-80.stg.corp.olacabs.com *.olaelectric.com cdn.olaelectric.com *.cloudinary.com *.magezon.com 'self' 'unsafe-inline'; manifest-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.linkedin.oribi.io *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.core.windows.net demotiles.maplibre.org api.geospoc.io *.olaelectric.com sdk-02.moengage.com *.magezon.com *.cdn.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cloudinary.com *.cdn.olaelectric.com *.olaelectric.com http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudinary.com *.magezon.com *.cdn.olaelectric.com *.olaelectric.com *.corp.olacabs.com *.olacabs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://optimize.google.com https://fonts.googleapis.com; script-src 'self' https://*.smallcase.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://app.link https://script.hotjar.com https://static.hotjar.com https://www.youtube.com https://s.ytimg.com https://apis.google.com https://connect.facebook.net https://*.razorpay.com https://*.gateway-tt.in https://cdn.segment.com https://cdn.amplitude.com https://cdn.moengage.com https://stackpath.bootstrapcdn.com https://a.quora.com https://q.quora.com 'unsafe-eval' 'unsafe-inline' https://appleid.cdn-apple.com https://cdn.branch.io https://optimize.google.com https://www.googleoptimize.com https://*.googlesyndication.com https://partner.googleadservices.com https://www.googletagservices.com https://adservice.google.com https://adservice.google.co.in https://*.tickertape.in https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://www.gstatic.com https://*.nexum.smallcase.com https://securepubads.g.doubleclick.net; img-src 'self' data: https://*.tickertape.in http://*.tickertape.in https://*.smallcase.com https://*.cloudfront.net https://s3.ap-south-1.amazonaws.com https://s3.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://pocket-image-cache.com https://*.ytimg.com https://script.hotjar.com https://premium.thehindubusinessline.com https://thehindubusinessline.com https://thehindu.com https://www.thehindu.com https://www.thehindubusinessline.com https://*.reutersmedia.net https://img.youtube.com https://www.facebook.com https://cdn.razorpay.com https://d36bckgfrodyym.cloudfront.net https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com https://via.placeholder.com https://q.quora.com https://optimize.google.com https://*.tenor.com https://d3jkipq6ucdzmu.cloudfront.net https://pagead2.googlesyndication.com https://www.dspim.com https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://dummyimage.com https://*.dummyimage.com https://*.coolbootsmedia.com https://*.pubmatic.com https://*.ergadx.com https://*.criteo.com https://*.themediagrid.com https://*.Pubmatic.com https://*.openx.com https://*.rubiconproject.com https://*.colombiaonline.com https://*.teads.tv https://*.rubiconproject.com https://*.triplelift.com; connect-src https://*.tickertape.in http://*.tickertape.in wss://*.tickertape.in https://*.smallcase.com https://www.google-analytics.com https://www.googletagmanager.com https://*.branch.io https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://surveystats.hotjar.io https://stats.g.doubleclick.net https://graph.facebook.com https://*.razorpay.com https://cdn.segment.com https://api.segment.io https://api.amplitude.com/ https://s3.ap-south-1.amazonaws.com https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://d36bckgfrodyym.cloudfront.net https://*.s3.ap-south-1.amazonaws.com https://analytics.google.com https://optimize.google.com https://*.tenor.com https://d3jkipq6ucdzmu.cloudfront.net https://pagead2.googlesyndication.com https://*.vmax.com https://*.amplitude.com:* https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://firebaseremoteconfig.googleapis.com https://firebaseinstallations.googleapis.com https://firebase.googleapis.com https://*.facebook.com https://*.nexum.smallcase.com https://securepubads.g.doubleclick.net; frame-src https://connect.smallcase.com https://connect.smallca.se https://gateway.smallca.se/ https://vars.hotjar.com https://www.googletagmanager.com https://accounts.google.com https://www.youtube.com https://api.razorpay.com https://*.gateway-tt.in https://cdn.moengage.com https://optimize.google.com https://*.tenor.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://smallcase.zerodha.com https://*.vmax.com https://*.smartyads.com https://*.itdsmr.com https://*.google.com https://securepubads.g.doubleclick.net; font-src 'self' data: https://script.hotjar.com https://fonts.gstatic.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.smallcase.com; object-src 'none'; report-uri https://sentry.smallcase.com/api/87/security/?sentry_key=fca379fbdc3c49029e8a98bb96a88db2&sentry_environment=production&sentry_release=tickertape-web@8.9.0@production 1 object-src 'none';base-uri 'self';script-src 'nonce-fM3-IXu_D3tzH7Pp6IY3fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self'; default-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://vk.com https://top-fwz1.mail.ru https://widget.me-talk.ru wss://widget.me-talk.ru https://static.me-talk.ru https://tagmanager.google.com https://www.googletagmanager.com https://score.juicyscore.net https://mc.yandex.ru https://zaymer-api-stage.itrf.tech/socket.io https://www.zaymer.ru/socket.io https://covenant-eu.robocash.global; script-src 'sha256-LsBAgSWhVEVv8/eF5bnWMlmguKx/72ZPoSpVb5LVvYE=' 'nonce-bFf6tlAGo7fUWZ3dFyyITg==' 'self' 'self' 'sha256-TVh24Vdb7GTzT63NsxngfGhs0KMXeoymEQStL6oHOQM=' https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://mc.yandex.ru https://yastatic.net https://admin.verbox.ru https://top-fwz1.mail.ru https://vk.com https://static.me-talk.ru https://tagmanager.google.com https://score.juicyscore.net; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://top-fwz1.mail.ru https://vk.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://mc.yandex.ru https://top-fwz1.mail.ru blob:; form-action 'self'; frame-ancestors 'none'; child-src https://mc.yandex.ru blob: ; object-src 'none'; report-uri https://covenant-eu.robocash.global/report/zaymer-ru-front 1 default-src 'self' https://assets.suburbia.com.mx; script-src 'self' https://assets.suburbia.com.mx; script-src 'self' https://assets.suburbia.com.mx* 'unsafe-inline'; font-src 'self' https://assets.suburbia.com.mx; script-src https://assets.suburbia.com.mx; style-src 'self' https://assets.suburbia.com.mx 1 object-src 'none';base-uri 'self';script-src 'nonce-QIf9AzT2hC8qmL2WX7WvXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.net ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.net *.spreadshirt.net ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.net ; font-src 'self' https: data: *.spreadshirt.net ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.net ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.net ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: media-s3-us-east-1.ceros.com cdn.commento.io www.google-analytics.com ficodotcom.prod.acquia-sites.com content.fico.com bam.nr-data.net cmp.osano.com www.fico.com c.cintnetworks.com *.gstatic.com wec-assets.terminus.services consent.api.osano.com js-agent.newrelic.com www.googletagmanager.com pi.pardot.com js.driftt.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.ubagroup.com www.google.co.za cdnt.netcoresmartech.com wdc.netcoresmartech.com www.google.cd *.doubleclick.net www.google.bf *.ads-twitter.com data.stbuttons.click t.co www.google.ci www.google.bj *.gstatic.com *.freshchat.com www.google.cm *.facebook.com maps.google.com www.google.fr *.googleapis.com translate.google.com www.google.co.uk tw.netcore.co.in cdn.jsdelivr.net region1.analytics.google.com psegment.netcoresmartech.com *.alicdn.com www.googletagmanager.com *.licdn.com www.google.ca ubagroup.com www.google.com www.google.co.zm js.boxx.ai l.sharethis.com www.google.com.ng *.linkedin.com analytics.google.com secure.gravatar.com *.facebook.net www.google.sn www.youtube.com www.google.co.in www.google.nl bcp.crwdcntrl.net twa.netcoresmartech.com buttons-config.sharethis.com osjs.netcoresmartech.com platform-api.sharethis.com res-odx.op-mobile.opera.com *.twitter.com www.google.ae www.google.com.gh www.ubauae.com *.instantbillspay.com adservice.google.com px.adx.opera.com www.google.com.sl ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.kyruus.com kyruus-app-static.kyruus.com kit.fontawesome.com use.typekit.net cdn.evgnet.com *.doubleclick.net www.googletagmanager.com *.googleapis.com *.prismahealth.org *.adsrvr.org p.typekit.net adservice.google.com www.youtube.com siteimproveanalytics.com ka-p.fontawesome.com *.gstatic.com google.com *.siteimproveanalytics.io analytics.google.com kloggyr-service.kyruus.com www.google.com *.evergage.com www.googleoptimize.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none'; form-action * 'self'; style-src * 'unsafe-inline' 'self' data:; script-src * data: wasm-eval: 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample'; default-src *; frame-src * 'self'; font-src * data: 'self'; img-src * blob: data: 'self'; upgrade-insecure-requests; connect-src * 'self'; worker-src * blob: 'self'; child-src * blob:; report-uri https://o166208.ingest.sentry.io/api/1238795/security/?sentry_key=eebe259ebaa846d39aaae0e3404505ab&sentry_environment=production 1 default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; report-uri https://nz14bhs2.uriports.com/reports/report; report-to default 1 font-src *.fontawesome.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.bytandym.com *.poweredbytandym.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.poweredbytandym.com *.bytandym.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.bytandym.com *.poweredbytandym.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.listrakbi.com *.bytandym.com *.poweredbytandym.com tandym-api.s3.amazonaws.com *.gstatic.com *.twitter.com *.bing.com *.facebook.com t.co ct.pinterest.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.listrakbi.com *.bytandym.com *.poweredbytandym.com *.zdassets.com acsbapp.com *.pinimg.com *.bing.com *.klaviyo.com *.facebook.net *.tiktok.com *.ads-twitter.com *.hotjar.com *.hotjar.io *.googleapis.com maps.googleapis.com *.googletagmanager.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com unsafe-inline assets.braintreegateway.com *.listrakbi.com *.bytandym.com *.poweredbytandym.com *.typekit.net *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.listrakbi.com *.poweredbytandym.com *.bytandym.com *.zendesk.com *.google-analytics.com *.rareseeds.com *.googlesyndication.com *.zippopotam.us *.acsbapp.com *.googleapis.com *.google.com *.pinterest.com *.tiktok.com *.hotjar.com *.hotjar.io *.klaviyo.com *.facebook.com *.doubleclick.net ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.bytandym.com *.poweredbytandym.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com bsb.widgets.sunwingtravelgroup.com www.sunwing.ca bat.bing.com *.clarity.ms pixel.byspotify.com *.doubleclick.net *.amazon-adsystem.com apps.joinsherpa.io appr.sunwingtravelgroup.com www.google.com.mx cdn.segment.com www.googletagmanager.com static.olark.com www.google.ca cdn.bc0a.com *.tiktok.com adservice.google.com login.sunwing.ca www.google.hn c.bing.com fsa.widgets.sunwingtravelgroup.com *.pinimg.com *.googleapis.com me.kis.v2.scr.kaspersky-labs.com services.sunwinggroup.ca cdn.noibu.com api.sunwingapi.com www.google.com.do www.google.bs www.google.com.cu *.facebook.net infoservice.sunwingtravelgroup.com *.cloudinary.com *.snapchat.com evnt.byspotify.com *.cloudfront.net www.google.co.in api.segment.io api.olark.com *.gstatic.com necolas.github.io www.google.com www.google.com.jm am.freshrelevance.com global.oktacdn.com *.pinterest.com ib.adnxs.com analytics.google.com ixfd1-api.bc0a.com knrpc.olark.com svhandlerapi.sunwingtravelgroup.com assets.sunwingtravelgroup.com widgets.sunwingtravelgroup.com fonts.cdnfonts.com sunwing.tfaforms.net www.google.com.pa acdn.adnxs.com www.google-analytics.com www.google.co.cr ara.paa-reporting-advertising.amazon www.google.fr cares.widgets.sunwingtravelgroup.com region1.analytics.google.com wss://input.noibu.com www.youtube.com input.noibu.com weblogging.sunwingtravelgroup.com book.sunwing.ca www.google.co.uk *.mookie1.com sdk.joinsherpa.io log.olark.com gc.kis.v2.scr.kaspersky-labs.com hotelinfoservice.sunwingtravelgroup.com wss://am.freshrelevance.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src * 'unsafe-inline' 'unsafe-eval' data: *.mktoresp.com/* *.google-analytics.com/* blob:; script-src * 'unsafe-inline' 'unsafe-eval' https://js.driftt.com/* https://www.googletagmanager.com/* https://munchkin.marketo.net/* *.mktoresp.com/* *.google-analytics.com/* blob:; img-src 'self' data: * blob: secure.gravatar.com www.gravatar.com; frame-src * https://js.driftt.com/; report-uri https://www.simpplr.com?gdsih-csp-report; 1 default-src 'self' 'unsafe-inline' data: *.squaretrade.com *.facebook.com *.outbound.io *.auth0.com *.launchdarkly.com *.pndsn.com *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com https://api.segment.io https://api.amplitude.com https://privacyportal-eu.onetrust.com https://secure.shippingapis.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com https://st-stage-enc-cust-docs-use-oh-1.s3.us-east-2.amazonaws.com https://callback.vhtcx.com https://callback.virtualhold.com https://siteintercept.qualtrics.com; form-action 'self' data: *.squaretrade.com *.force.com *.salesforce.com *.auth0.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' data: *.squaretrade.com *.auth0.com https://cdn.segment.com *.bootstrapcdn.com *.force.com *.salesforce.com *.qualtrics.com https://platform.twitter.com; font-src 'self' data: *.squaretrade.com https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: *.squaretrade.com *.auth0.com *.facebook.com https://p.typekit.net *.google.com *.twitter.com https://st-prod-enc-ship-usw-ca.s3.us-west-1.amazonaws.com https://st-prod-enc-ship-use-oh.s3.us-east-2.amazonaws.com; style-src-elem 'self' 'unsafe-inline' *.squaretrade.com https://hello.myfonts.net https://service.force.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.smartrecruiters.com https://cdn.jsdelivr.net *.bootstrapcdn.com; script-src-elem 'self' *.squaretrade.com 'unsafe-inline' *.salesforceliveagent.com https://cdn.segment.com https://cdn.amplitude.com https://cdn.outbound.io https://connect.facebook.net https://www.googletagmanager.com https://service.force.com https://use.typekit.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://platform.twitter.com *.bootstrapcdn.com https://cdn.jsdelivr.net *.smartrecruiters.com https://polyfill.io 'https://www.youtube.com https://player.vimeo.com https://zn8jglatqcy5dkma1-squaretrade.siteintercept.qualtrics.com https://siteintercept.qualtrics.com; frame-src https://service.force.com https://squaretrade.az1.qualtrics.com/ https://www.google.com https://www.facebook.com https://platform.twitter.com *.doubleclick.net; report-uri https://appreports.report-uri.com/r/t/csp/wizard 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; style-src 'report-sample' 'self' data: 'unsafe-inline' ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com *.plex.com web-sdk.aptrinsic.com; img-src 'self' data: ajax.aspnetcdn.com *.plexonline.com *.plexus-online.com www.gstatic.com 127.0.0.1:18623 *.plex.com; font-src 'self' *.plex.com data: *.plexus-online.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.plexonline.com at.alicdn.com use.typekit.net; connect-src 'self' web-sdk.aptrinsic.com esp.aptrinsic.com *.plex.com pcn-move.plexdev.io cdnma.cdnservice.space cdnma.global-cache.online cdnmb.global-cache.online 127.0.0.1:18623 js.authorize.net tablet.sigwebtablet.com:47290; media-src 'self' *.plex.com; object-src 'self'; child-src 'self'; frame-src 'self'; worker-src 'self'; frame-ancestors 'self' www.plexonline.com www.plexus-online.com; form-action 'self' *.plexus-online.com *.plexonline.com *.plex.com; base-uri 'self'; manifest-src 'self'; script-src-elem 'self' 'unsafe-inline' web-sdk.aptrinsic.com www.gstatic.com *.plexonline.com *.plex.com js.authorize.net jstest.authorize.net *.google-analytics.com www.pagespeed-mod.com *.plexus-online.com www.gstatic.com; style-src-elem 'unsafe-inline' *.plexonline.com web-sdk.aptrinsic.com www.gstatic.com maxcdn.bootstrapcdn.com *.plex.com *.plexus-online.com; report-uri https://csp.security.plex.com/csp/reporting 1 connect-src 'self'; default-src 'self'; font-src 'self' https://fonts.googleapis.com data:; frame-src 'self'; img-src 'self'; object-src 'self'; script-src 'self' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-VIuZeiDoEGhPwHlSmouYL2zK/++F5Oa/NFSaX974JCw=' 'sha256-mLFjRlurOZiQ/39Q05BOaNiGRyjWCTFNWhvR5XkQna4=' 'sha256-si/G7U6YqPCqvuOxuNu+pPvPsnp10TXSUNnpjo4o2E8=' 'sha256-3cxnJf8CDp9v9IE/tMoZHTxdQ0jKVEVpmBeN8YcRySA=' 'sha256-OIvam6gdRSMb4vEcvNxnkh28xoHZAgvfTYMqEKnZ4t4=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-i4aadpZdid9j3HWHuZI+cIZm1yMlOqVl90CLm0iEl+8=' 'sha256-8D8dEPWVT29qx5X7YYOS4LgaFRv7TWXZru0XP0gTbzg=' 'sha256-kYTWsL3eyz2tbAz4uBgUleoRWTrBffDFMCwOjoXTu2c=' 'sha256-RhSW3VHyIM33OkPY6gg7vrL2NcW5Ms/WbNRvQiwKoYc=' 'sha256-wA5TFYqUzoSGtPZwm8SESTMYr8hZGT/fGZOzbR47kdE=' 'sha256-71FQZ/vodBjadye5uztg7ATFhoyFQYRg/3WQkgfmcMk=' 'sha256-q+o79s/2v3kyn2KgqNj5UMXu6GhJL3C1AR4DgavQYTs=' 'sha256-S6Erfq/TqN8CQj1PfcDLOezVwgyf7DHr/RdgKtqag2M='; style-src 'self' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-boOol+9NcNYVRpBCSxWeVXPJG0KEcLU/n9ueQidQj3g=' 'sha256-14ckDx3ADOkTfI7ebHbVrmc4RWA8SOdT5AkIYYRSI1g=' 'sha256-o6B1a8BlPsZTLfzSobFT2K+/3Wb3SKUnv21dJj2trO8=' 'sha256-MzotFeyrBPipKDZyID3daFCpYv7umnM7iR1mL99bl7o=' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-uhyS4TPnOhChCIC9Q/iAQRc8lGfiwN4r1qJcDwNlZR8=' 'sha256-rvCyiQext9QozGia0vXBtjNI2/CnZLvpIWUAxnVm1lo=' 'sha256-6YITkiQ50pHESOjJXub82weWZ7wrdlHd1GN2R78XThI=' 'sha256-yei2dyOJ9Ii+YSeSfZjhNDbA0aWM8uFhjAiO0N2XGtM=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-XQ9IIzofSpnsaWUrxgeXIJi+l/iPTcWjVx5ypSCX3V8=' 'sha256-Y4YhHFCyo/BREYP/C8B4z2tIfioIaXiEC560yu0Ne2Q=' 'sha256-ndWczpqXxcKKxPONpaJxM3neXUh3n67sITst3+bycOg=' 'sha256-a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=' 'sha256-A9V1T7VGV+t+cMXQLwgAKNpNq5NlSUu0cB7zZq8hIr8=' 'sha256-nl4fY3q3DWeRc9tyOng7cHKyMNe9p5d5nHQyUV+C37o=' 'sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=' 'sha256-CsN4k1ceJXYtNa6wVQiOk1kqaTWC0dpbSWmp5lieZyE=' 'sha256-qMEuaMl/cJMddT7wKc2NUkzu1yM4fmtzluf3UeMtLLE=' 'sha256-bvnLuy6LpOOT3gDS8p8t314E1W+9iSw0YMOFoyuwiCg=' 'sha256-jBFvfUl7e9k6ujv6uP5817BV+6MND47rKTrIeDhs/98=' 'sha256-QJduzSZApOX4KPuxtdNIOha0CCcphDMXZYXwSFB5iVw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-9f+IbnZyB9cVT8/xwky9rVVg3LjHInh9MAiva41lZUk=' 'sha256-s/0mrZeE2ueCh3YgZMc8e7OPYI5HSYWEIQf8DaWQaho=' 'sha256-jKGNV7cDpHhn8R9qBJKtiwZIe+33CJqvJm4QrCsX1+0=' 'sha256-dE8X1QbEDDbRcMzk/2HZfE+PaphXlbxT1p2ZdA3VI08=' 'sha256-rm1iUR3vQ3weFX82s2Bv5nbYicbnipX9l2Eb7Ma5Bls=' 'sha256-qRYXPWgeO8DQuggZ5e4ZR8dTMC/u02bYUqKzzTizqAQ=' 'sha256-x/qMT1N4vhfyww3Cl8YyRuexGUTI5ZEw/ZCb86FvIdg=' 'sha256-Nq/OmXCOfffss2QwvNQBZPlL66Fp7KiYwxbhk6p8ulI=' 'sha256-neXcSvRDrd+qMWPGbWJTgyBVFZbdQY8UNZnGhBnxWbw=' 'sha256-mOMG43/8xEDVjdiQbtThixKcS+7CBkAVIZRXWH+l6fw=' 'sha256-vJaQjoEuS/N0MsRKg88KDGnW/7aZlaANfgAw1oeZAYk=' 'sha256-gXy6cGSHvJazs4nCOyks/yFsmrMvrc7fMfWcSzbPn7Q=' 'sha256-LNi1Y8jJd/EPl6sOEHx/J9b21TwWE4pnMmL/ghNxG/Y=' 'sha256-mrDPQSVDIM447aXVd1Xrz7tyYK/AKKv8+p6V+RohaK0=' 'sha256-7M/cpUhDJzkbOFhJUdcQBCRvF3q8d17vp+MygbNtyAw=' 'sha256-W847s+S8mJ0eXC/jm9rdeMEIMDBbTKJnZgQVq4pyk/A=' 'sha256-vLmWL7Grjd8Oav9rqfwV96WtQpvWqtNg3nOI/QQ3bxI=' 'sha256-iUD3g5BH52ycwdWlB3gOOx2JLCquec01EGpdZIfrMaM=' 'sha256-DMzVrH5fz011rpndyEYxmtcP1tTBQt69VIjpQxfYwRo=' 'sha256-tanm74LMzksD1LMJ9nL1q86GepxZoQI0FpLmofQiRiQ=' 'sha256-A/lFqc0v3WZCu/tAktIkGcq3Rwe5KMiF1VunTnlgb4g=' 'sha256-DmrgTjCfZUR0Y/6REq5QsMK7A/vVsC4d1N47OzFcW3E=' 'sha256-oNhK4QQU2pEV0OM6x64xt7raZpRAP3to3QphoXRSfbw=' 'sha256-vN1Qw2Me22uzWuR59eE1pMeOOE3ehoUYa+bO90TMCD4=' 'sha256-zmN9tWjgDrggZ7+jYb6TGt9VsC5bhRO49OWy0sHHjJ4=' 'sha256-PDv7PK7p4vec7tI/1XbvDMwahytuLYN1Ul7CMcw1gHY=' 'sha256-/kXZODfqoc2myS1eI6wr0HH8lUt+vRhW8H/oL+YJcMg=' 'sha256-xK//ASB2GoP3vH742KHL80RY3VDP0olmt+9lxHrKo7g=' 'sha256-VPK3ArT17yU9wkJRM82RcoWcitp49uzM6yeEP8L9a0k=' https://fonts.googleapis.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=5jiRr6a9ed0CJIR010Xd5Rus_kHchYJ5PUDgXJDIk.w-1711593220-1.0.1.1-J0an_VGtAdBEvEbI8k7qrXhqZLTkN6cQTW5_qGktuYqCn_mWIkV9jNTVApW3rj.IPk8fwmGAunm7I4UwivIWfmrtsjAOSnn5z0N49e2GjEzDNCrxve0exB3DpYG46eeL4kQP67NA7.LUdUrLPePciwJcBejv0IPRnBjVXMnZEIJ9YiQnyZM9XnQWqd4dHKVUugVnkKoJcDdS5kj_boEszQ; report-to cf-pbaolsgbmkdpqoio 1 form-action 'self' https://selinc-pilot.csod.com https://selinc.csod.com http://events.selinc.com https://www.cvent.com *.facebook.com connect.facebook.net https://pi.pardot.com *.twitter.com https://events.selinc.com; report-uri /api/cspNotification/ 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com principiaskin.com *.principiaskin.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.addthis.com *.mercadolibre.com *.weltpixel.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.authorize.net *.google.com *.paypal.com *.freshchat.com *.pagseguro.uol.com.br *.doubleclick.net *.pinterest.com *.principiacosmeticos.com principiaskin.com *.principiaskin.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com *.instagram.com *.magentocommerce.com *.ytimg.com s.ytimg.com *.pinterest.com *.googleadservices.com *.google.com *.google.com.br *.google.it *.google-analytics.com www.paypalobjects.com *.paypalobjects.com *.paypal.com www.paypal.com t.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.ftcdn.com *.behance.com *.pagseguro.com/ *.apptrian.com *.mercadolivre.com *.yotpo.com *.adobedtm.com *.demdex.net *.everesttech.net assets.braintreegateway.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br *.doubleclick.net *.onesignal.com *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.googletagmanager.com https://principiacosmeticos.com/mtracking.gif https://www.google.com.ar/ads/ga-audiences https://www.google.com.ar/pagead/1p-user-list/700931334/ https://principiaskincare.com.br/mtracking.gif https://t.co/1/i/adsct *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.mlstatic.com www.facebook.com graph.facebook.com business.facebook.com raw.githubusercontent.com www.apptrian.com *.freshchat.com *.google.com *.google-analytics.com *.facebook.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.paypal.com www.paypal.com *.ytimg.com *.googleadservices.com *.paypalobjects.com www.paypalobjects.com *.vimeo.com www.youtube.com *.viacep.com.br *.apptrian.com *.polyfill.io *.cloudflare.com *.pagseguro.uol.com.br *.tiktok.com *.pinimg.com *.mercadopago.com *.doubleclick.net *.ccdc02.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io pay.google.com *.yotpo.com *.onesignal.com https://onesignal.com/api/v1/sync/980b27db-f331-407d-8b91-7ea1ff79c577/web *.principiacosmeticos.com https://principiacosmeticos.com/mtc.js *.k-analytix.com principiaskin.com *.principiaskin.com *.cloudflareinsights.com https://designestylelab.com/css/ https://analytics-manager.com/an https://analytics-manager.com/an/ https://principiaskincare.com.br/mtc.js https://static.cloudflareinights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 *.ads-twitter.com/uwt.js *.pinterest.com s7.addthis.com https://polyfill.io https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com fonts.googleapis.com *.freshchat.com *.mercadopago.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.onesignal.com https://onesignal.com/sdks/OneSignalSDKStyles.css *.principiacosmeticos.com principiaskin.com *.principiaskin.com *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.rastreio.alfatracking.com.br *.tracking.totalexpress.com.br *.correios.com.br www.apptrian.com *.instagram.com *.pinterest.com *.apptrian.com *.polyfill.io *.cloudflare.com *.paypal.com *.pinimg.com *.tiktok.com *.google.com *.google.com.br *.google.it https://www.google.com.br/ads/ga-audiences https://www.google.it/ads/ga-audiences *.google-analytics.com *.doubleclick.net *.yotpo.com *.mercadolibre.com *.onesignal.com https://onesignal.com/api/v1/apps/980b27db-f331-407d-8b91-7ea1ff79c577/icon *.principiacosmeticos.com https://principiacosmeticos.com/mtc/event *.konduto.com principiaskin.com *.principiaskin.com *.googleapis.com *.viacep.com.br https://viacep.com.br/ws/ viacep.com.br/ws *.amcglobal.sc.omtrdc.net *.geostag.cardinalcommerce.com *.geo.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.1eaf.cardinalcommerce.com *.centinelapistag.cardinalcommerce.com *.centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.api.comapi.com *.webchat.dotdigital.com *.ekr.zdassets.com *.braintreegateway.com *.braintree-api.com https://principiaskincare.com.br/mtc/event https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ analytics.pangle-ads.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://polyfill.io https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri csp-reporting/; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: report.incomm.glassboxdigital.io www.vanillagift.com www.googletagmanager.com *.doubleclick.net *.omtrdc.net assets.adobedtm.com api.giftcardimpressions.com sdk-service.nsureapi.com translate.google.com ib.adnxs.com live.rezync.com bat.bing.com www.google.co.uk www.google.com.au fpnpmcdn.net www.google.com.ng sdk.nsureapi.com www.google.com www.google.co.in *.googleapis.com www.google.ca lex.33across.com *.everesttech.net analytics.google.com r2.trackedweb.net *.gstatic.com www.google.com.mx *.demdex.net www.google.com.pr *.rfihub.com edge.adobedc.net www.google.com.jm *.opendns.com c.evidon.com *.incomm.com l.evidon.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 upgrade-insecure-requests; default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://accessibilityserver.org https://amplify.outbrain.com https://bam.nr-data.net https://bat.bing.com https://c.lytics.io https://cdn.segment.com https://cdn.taboola.com https://cdn.userway.org https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://platform.twitter.com https://qmod.quotemedia.com https://s.yimg.com https://script.hotjar.com https://securepubads.g.doubleclick.net https://sslwidget.criteo.com https://static.ads-twitter.com https://static.criteo.net https://static.hotjar.com https://tr.outbrain.com https://trc.taboola.com https://www.dwin1.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.redditstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://c.lytics.io https://cdnjs.cloudflare.com https://fonts.googleapis.com https://qmod.quotemedia.com https://static.c1.quotemedia.com; img-src 'self' data: https://alb.reddit.com https://analytics.twitter.com https://bat.bing.com https://c.lytics.io https://cdn.userway.org https://data.dianomi.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://q.quora.com https://secure.gravatar.com https://sp.analytics.yahoo.com https://syndication.twitter.com https://t.co https://tr.outbrain.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.quotemedia.com; connect-src 'self' https://api.segment.io https://api.userway.org https://app.quotemedia.com https://bam.nr-data.net https://ca.foolpitches.com https://cdn.segment.com https://cdn.userway.org https://cds.taboola.com https://csi.gstatic.com https://in.hotjar.com https://pips.taboola.com https://s.yimg.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://to.getnitropack.com https://trc-events.taboola.com https://vc.hotjar.io https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://static.c1.quotemedia.com; frame-src https://gum.criteo.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com; report-uri https://csp.feroot.com/a5814c59-63d2-4c2f-8d39-70a4fbe37b03/a068f8b4-0865-4c32-bd31-375a39409b87/collect; 1 object-src 'none';base-uri 'self';script-src 'nonce-D8e_4eTfK77z3ii_XC3lTA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.wistia.com *.wistia.net embedwistia-a.akamaihd.net/ https://fonts.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://edge.fullstory.com https://rs.fullstory.com https://ajax.googleapis.com/ https://first.iovation.com/ https://mpsnare.iesnare.com/ https://128-koi-090.mktoresp.com/ *.gskydev.net *.gskydev.com https://auth.prod.greensky.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://pages.greenskycredit.com https://www.google.com/ https://www.gstatic.com https://cdnjs.cloudflare.com https://app-ab27.marketo.com https://munchkin.marketo.net https://abrtp1-cdn.marketo.com blob: http://static.site24x7rum.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.wistia.com https://rtp-static.marketo.com https://abrtp1.marketo.com https://js.driftt.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://pages.greenskycredit.com/ https://cdn.jsdelivr.net/ https://www.greensky.com/ *.gskydev.com *.gskydev.net https://use.fontawesome.com/ https://pro.fontawesome.com/ https://rtp-static.marketo.com/ https://fonts.googleapis.com/ https://fonts.googleapis.com/css/ https://app-ab27.marketo.com/ https://munchkin.marketo.net; font-src 'self' https://cdnjs.cloudflare.com https://pro.fontawesome.com/ data: https://fonts.gstatic.com https://fast.wistia.com https://use.fontawesome.com; img-src 'self' https://www.googletagmanager.com https://rs.fullstory.com *.greensky.com/ *.gskydev.com/ *.gskydev.net/ https://embed-ssl.wistia.com data: https://www.google-analytics.com https://stats.g.doubleclick.net https://fast.wistia.com https://greensky.dotcmscloud.com https://*.greensky.dotcmscloud.com embedwistia-a.akamaihd.net/ https://embed-fastly.wistia.com http://embed.wistia.com/ https://www.google.com https://www.google.de https://app-ab27.marketo.com https://pages.greenskycredit.com; media-src 'self' blob: https://js.driftt.com; frame-src 'self' https://pages.greenskycredit.com/ https://app-ab27.marketo.com/ https://www.google.com/ https://js.driftt.com; connect-src 'self' https://analytics.google.com https://edge.fullstory.com https://rs.fullstory.com *.gskydev.com/ *.gskydev.net/ https://128-koi-090.mktoresp.com/ https://abrtp1.marketo.com https://*.google-analytics.com https://stats.g.doubleclick.net *.greensky.dotcmscloud.com https://greensky.dotcmscloud.com *.greensky.com *.litix.io embedwistia-a.akamaihd.net/ *.wistia.com https://128-koi-090.mktoresp.com; object-src 'self' https://app-ab27.marketo.com/ ; base-uri 'self';manifest-src 'self'; worker-src 'none'; report-to https://www.greensky.com 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net gateway.foresee.com *.xtlo.net *.digitalsurgeons.cloud *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.syfpos.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com www.xtento.com syf.demdex.net *.syfpos.com *.syf.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com * blob: *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net maps.googleapis.com maps.gstatic.com *.klevu.com *.ksearchnet.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com *.lovesac.com lovesac.com *.threekit.com *.lovesac.pages.dev lovesac.usablenet.com cdn.gladly.qa cdn.gladly.com assets.pixlee.com assets.pxlecdn.com cdnjs.cloudflare.com *.securiti.ai lovesac.blueconic.net *.scene7.com *.abtasty.com *.digitalsurgeons.cloud *.wufoo.com cdn.noibu.com *.bazaarvoice.com cdn.quantummetric.com www.mczbf.com bat.bing.com *.criteo.net *.criteo.com *.sundaysky.com connect.facebook.net www.lightboxcdn.com sc-static.net analytics.tiktok.com *.xtlo.net live.rezync.com *.mplat-ppcprotect.com *.medallia.com tr.snapchat.com *.boomtrain.com lightboxapi.azurewebsites.net safevisit.online track.securedvisit.com *.rkdms.com *.agkn.com sts.eccmp.com gateway.foresee.com mpsnare.iesnare.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com maps.googleapis.com get.geojs.io js.klevu.com *.ksearchnet.com https://www.googletagmanager.com tagmanager.google.com https://knowledgetags.yextpages.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com *.yotpo.com *.typekit.net *.securiti.ai www.lightboxcdn.com gateway.foresee.com *.xtlo.net *.digitalsurgeons.cloud *.bazaarvoice.com *.syfpos.com *.klevu.com *.ksearchnet.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.scene7.com *.digitalsurgeons.cloud 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com data: *.threekit.com *.gladly.qa *.gladly.com *.securiti.ai lovesac.blueconic.net *.abtasty.com *.lovesac.com wss://input.noibu.com/ *.bazaarvoice.com *.mplat-ppcprotect.com analytics.tiktok.com tr.snapchat.com *.boomtrain.com *.xtlo.net *.criteo.com *.quantummetric.com *.pixlee.com bat.bing.com sts.eccmp.com analytics.foresee.com conversions.lunio.ai www.mczbf.com *.doubleclick.net analytics.pangle-ads.com *.4seeresults.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net maps.googleapis.com *.klevu.com *.ksearchnet.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; connect-src 'self' https://adservice.google.com https://adservice.google.com/pagead/regclk https://analytics.google.com https://analytics.google.com/g/collect https://analytics.pangle-ads.com https://analytics.pangle-ads.com/api/v2/pangle_pixel https://analytics.tiktok.com https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act https://api.ipify.org https://api.ipify.org/ https://api.mercadolibre.com https://api.mercadopago.com https://api.mundipagg.com https://api.siteblindado.com https://api.voxus.tv https://api.voxus.tv/verify/ https://checkip.amazonaws.com https://checkip.amazonaws.com/ https://ct.pinterest.com https://events.mercadopago.com https://logs-01.loggly.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://plugin.handtalk.me https://region1.analytics.google.com https://region1.google-analytics.com https://region1.google-analytics.com/g/collect https://seal.siteblindado.com https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://stats.g.doubleclick.net/g/collect https://tagging.betocarrero.com.br https://tagging.betocarrero.com.br/fcp https://targeting.voxus.com.br https://targeting.voxus.com.br/v/ https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://translation-v3.handtalk.me https://us.creativecdn.com https://us.creativecdn.com/tags/v2 https://web.facebook.com https://www.betocarrero.com.br https://www.facebook.com https://www.facebook.com/tr https://www.google-analytics.com https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect https://www.googletagmanager.com/a https://www.google.com https://www.mercadolibre.com https://clientstream.launchdarkly.com https://logs-01.loggly.com https://logs-01.loggly.com/inputs/27cf9a30-eb89-41a7-ba82-3280d33fb2cf/tag/https/; report-to default; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn-assets-prod.s3.amazonaws.com https://*.ozmoapp.com https://*.modeaondemand.com https://*.contentsquare.net https://edge.api.flagsmith.com https://*.kaptcha.com https://*.shaw.ca https://*.ctfassets.net https://*.freedommobile.ca https://*.shawmobile.ca https://*.appdynamics.com https://*.contentful.com https://*.eum-appdynamics.com https://*.googleapis.com https://tags.tiqcdn.com https://*.lpsnmedia.net https://*.tealiumiq.com https://*.liveperson.net wss://*.liveperson.net https://*.qualtrics.com https://*.gstatic.com https://*.wysdom.com https://*.optimizely.com https://*.cardinalcommerce.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ca https://*.facebook.net https://*.facebook.com https://*.twitter.com https://*.t.co https://*.demdex.net https://*.doubleclick.net https://*.everesttech.net https://*.adswizz.com https://*.exelator.com https://*.tapad.com https://*.spatialbuzz.com https://*.spatialbuzz.net https://d31hajf7vfnsd2.cloudfront.net; frame-src 'self' https://www.youtube.com https://*.demdex.net https://*.doubleclick.net https://*.optimizely.com https://*.facebook.com https://*.google.com https://*.freedommobile.ca https://*.shawmobile.ca https://*.liveperson.net https://*.lpsnmedia.net https://*.kaptcha.com https://*.spatialbuzz.com https://*.spatialbuzz.net; worker-src 'self' blob:; frame-ancestors 'self' https://*.freedommobile.ca; 1 style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://themes.googleusercontent.com https://script.hotjar.com/; object-src 'self'; frame-ancestors 'self'; form-action 'self' https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagservices.com https://*.googlesyndication.com https://*.consentmanager.net https://www.google.com https://storage.cloud.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://*.facebook.net https://*.sascdn.com https://*.smartadserver.com https://*.addthis.com https://*.pinterest.com https://*.designconnected.com https://maps.googleapis.com https://storage.googleapis.com https://www.gstatic.com https://www.linkedin.com https://*.addthisedge.com https://*.doubleclick.net https://www.googleadservices.com https://*.facebook.com https://*.adform.net https://code.createjs.com https://d31qbv1cthcecs.cloudfront.net https://assets.adsttc.com/insights/ https://s.pinimg.com/ct/ https://www.googleoptimize.com https://*.hotjar.com https://z.moatads.com https://cdn.pushalert.co https://ced-ns.sascdn.com https://www.google.es https://www.google.it https://www.google.fr https://www.google.ch https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.4/ScrollTrigger.min.js; connect-src 'self' https://*.googlesyndication.com https://capi.architonic.com https://*.smartadserver.com https://*.addthis.com https://*.daaily.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.youtube.com https://*.doubleclick.net https://*.addthis.com https://www.facebook.com https://*.adform.net https://www.google.com https://www.instagram.com https://ct.pinterest.com https://*.hotjar.com https://*.hotjar.io https://architonic82.pushalert.co https://api.pushalert.co https://id5-sync.com https://maps.googleapis.com/maps/api/mapsjs/gen_204; img-src data: https://*; child-src data: https://www.facebook.com https://connect.facebook.net https://*.addthis.com https://www.designconnected.com https://www.googletagmanager.com https://www.google.com https://www.youtube-nocookie.com https://*.doubleclick.net https://assets.pinterest.com https://*.smartadserver.com https://player.vimeo.com https://creatives.sascdn.com https://*.hotjar.com https://ct.pinterest.com; worker-src blob: https://s.ads.smartadserver.com https://www.architonic.com; frame-src https://www.googleadservices.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.pinterest.com https://*.consentmanager.net https://www.facebook.com https://vars.hotjar.com https://creatives.sascdn.com https://*.addthis.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://player.vimeo.com; report-uri https://8bccfb85f92743dccb8ce984043b12e3.report-uri.com/r/d/csp/reportOnly 1 font-src *.klevu.com *.ksearchnet.com https://fonts.gstatic.com/ *.typekit.net *.nosto.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.fls.doubleclick.net account.fetchify.com *.klarna.com https://www.googletagmanager.com/ *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com simplicity.trustpilot.com *.googlesyndication.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com *.zenaps.com *.klarna.com *.klarnaevt.com *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.poundshop.com *.poundland.com *.onetrust.com s.kelkoogroup.net c.bing.com c.clarity.ms bat.bing.com *.ometria.com *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.ua *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.klarna.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s.kelkoogroup.net widget.trustpilot.com invitejs.trustpilot.com sdk.loyaltylion.net foursixty.com sdk-static.loyaltylion.net bat.bing.com *.zendesk.com static.zdassets.com *.ometria.com analytics.tiktok.com www.clarity.ms s.kk-resources.com *.googlesyndication.com *.onetrust.com *.newrelic.com *.soreto.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com sdk.loyaltylion.net foursixty.com fonts.googleapis.com *.onetrust.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com sdk.loyaltylion.net foursixty.com platform.loyaltylion.com *.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.clarity.ms s.kelkoogroup.net invitejs.trustpilot.com zendesk-eu.my.sentry.io *.ometria.com *.google-analytics.com *.onetrust.com *.newrelic.com *.nr-data.net *.googlesyndication.com *.soreto.com googleads.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-s0tjL85GsiLhCL66q6kMFO5A0' https://blenderartists.org/logs/ https://blenderartists.org/sidekiq/ https://blenderartists.org/mini-profiler-resources/ https://blenderartists.org/assets/ https://blenderartists.org/extra-locales/ https://blenderartists.org/highlight-js/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/ https://blenderartists.org/theme-javascripts/ https://blenderartists.org/svg-sprite/ 'report-sample' 'unsafe-inline' https: https://pagead2.googlesyndication.com/; worker-src 'self' https://blenderartists.org/assets/ https://blenderartists.org/javascripts/ https://blenderartists.org/plugins/; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1 object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://rebilly.github.io https://static.addtoany.com https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-sTq1tI7CBowGD4gWuyCfMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.milligazete.com.tr file.daktilo.com static.daktilo.com *.gstatic.com *.googleapis.com *.google.com *.googletagservices.com *.google-analytics.com *.ampproject.org https://cdn.adhouse.pro https://cdn2.bildirt.com https://cdn.onesignal.com https://vjs.zencdn.net *.cloudflare.com *.bik.gov.tr *.criteo.com *.yandex.ru *.yandex.com *.adform.net *.googlesyndication.com *.doubleclick.net *.creativecdn.com *.googletagmanager.com *.facebook.net *.idealmedia.io *.mgid.com *.daktilo.com *.youtube.com *.twitter.com *.facebook.com ads.pubmatic.com static.criteo.net cdn.jsdelivr.net eus.rubiconproject.com fastlane.rubiconproject.com; object-src 'none'; report-uri /csp-violation-report-endpoint/ 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.wp.com http://*.wp.com *.wp.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://platform.twitter.com http://platform.twitter.com platform.twitter.com https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-8p_gRfi8ndxq_tJTD5b7Pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: static.trackedweb.net *.thegiftcardshop.com www.google.com js.hcaptcha.com report.incomm.glassboxdigital.io sdk.nsureapi.com bat.bing.com *.facebook.com *.doubleclick.net www.google.ca newassets.hcaptcha.com *.gstatic.com *.facebook.net www.googletagmanager.com region1.analytics.google.com analytics.google.com sdk-service.nsureapi.com *.rfihub.com expressentry.melissadata.net l.evidon.com *.rfihub.net *.incomm.com c.evidon.com cdn.glassboxcdn.com fpnpmcdn.net lex.33across.com r2.trackedweb.net adservice.google.com assets.adobedtm.com metrics.nsureapi.com edge.adobedc.net r2-t.trackedlink.net *.demdex.net *.everesttech.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src data: blob: 'self' https://*.ugc.gov.in 'unsafe-inline' *.ugc.gov.in 'unsafe-eval' https://fonts.googleapis.com/ https://fonts.gstatic.com/; script-src *.ugc.gov.in *.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' ugc.gov.in https://www.gstatic.com/ https://www.ugc.gov.in/js/owl.carousel.min.js https://platform.twitter.com/widgets.js ; connect-src * 'unsafe-inline' googleads.g.doubleclick.net www.googleadservices.com; img-src * data: blob: 'unsafe-inline'; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.ugc.gov.in/ *.node.js *.page-style.js https://fonts.googleapis.com/; object-src 'none'; base-uri 'none'; 1 report-to slardar-endpoint; script-src 'self' 'report-sample' 'wasm-unsafe-eval' 'nonce-e89ce11675d4b66b861d8418c17c8efd-argus' 'strict-dynamic' 'https://accounts.google.com/gsi/client'; connect-src 'https://accounts.google.com/gsi/' 'self' *.capcut.com *.byteoversea.com *.bytedance.net *.faceulv.com *.byteintl.net *.ibytedtos.com *.bytecdn.com *.vodupload.com *.ibyteimg.com *.tiktokcdn.com *.bytevcloudapi.com *.goofy.app *.bytedance.com *.byteoversea.net *.isnssdk.com *.capcutstatic.com *.byteeffecttos-g.com *.yhgfb-static.com *.google-analytics.com *.google.com *.googleapis.com *.giphy.com *.doubleclick.net blob: wss:; frame-ancestors 'self' *.bytedance.com *.bytedance.net; 1 object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://aws-staging-aeroprecisionusa.smarterspecies.com https://aws-staging-2-aeroprecisionusa.smarterspecies.com/ https://www.aeroprecisionusa.com blob: http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests ; frame-ancestors 'self' *.avantlink.com www.gstatic.com *.authorize.net 'self'; form-action 'self' https://enews.aeroprecisionusa.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ https://cdn.listrakbi.com https://mediacdn.espssl.com *.adobe.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.avmws.com https://cdn.listrakbi.com https://s1.listrakbi.com https://m1.listrakbi.com https://at1.listrakbi.com https://www.google-analytics.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://jstest.authorize.net https://*.addthis.com https://v1.addthisedge.com https://z.moatads.com https://ssl.avmws.com https://bat.bing.com/bat.js https://js.hs-scripts.com https://js-agent.newrelic.com https://bam.nr-data.net https://player.vimeo.com https://f.vimeocdn.com https://widget-prime.rafflecopter.com https://js.hs-banner.com/ https://v2.zopim.com https://js.hs-analytics.net https://static.zdassets.com https://widget-mediator.zopim.com/ https://bam-cell.nr-data.net/ https://cdn.quantummetric.com https://plugin.credova.com https://tags.clickagy.com https://tags.clickagy.com/ https://widget.gleamjs.io assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.elfsight.com *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.kaptcha.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.authorize.net sandbox-assets.secure.checkout.visa.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com https://js.hs-banner.com https://bat.bing.com https://ekr.zdassets.com https://plugin.credova.com/plugin.min.js https://www.youtube.com https://bl.listrakbi.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://static.zdassets.com/ *.adobe.com 'self' 'unsafe-inline'; img-src 'self' https://stats.g.doubleclick.net https://mediacdn.espssl.com https://www.xtento.com/media/images/ https://*.listrakbi.com https://www.google.com https://www.google.com.ua https://store.paradoxlabs.com https://cdn.klarna.com https://tracking.avantlink.com https://bat.bing.com https://bam.nr-data.net https://www.googletagmanager.com https://track.hubspot.com https://v2.zopim.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://pippio.com https://d2df4e9l5rljaz.cloudfront.net https://api.delivrabl.net https://aorta.clickagy.com https://idsync.rlcdn.com https://us-u.openx.net https://cm.g.doubleclick.net https://yotpo-editor-production.s3.amazonaws.com https://aa.agkn.com https://sync.crwdcntrl.net https://pixel-sync.sitescout.com https://d.agkn.com https://region1.google-analytics.com https://v2assets.zopim.io https://js.gleam.io assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://files.elfsightcdn.com store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com https://sca1.listrakbi.com https://img.youtube.com https://via.placeholder.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.full30.com https://s7.addthis.com https://player.vimeo.com https://www.google.com https://widget-prime.rafflecopter.com https://ssl.kaptcha.com https://hemsync.clickagy.com https://gleam.io fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com swellrewards.com *.swellrewards.com www.google.com https://plumrocket.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com https://tst.kaptcha.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://assets.iglobalstores.com/ https://v2.zopim.com/ https://yotpo-stool.s3.amazonaws.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.fontawesome.com https://maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; connect-src 'self' https://api2.authorize.net/ https://js.authorize.net https://jstest.authorize.net https://apitest.authorize.net https://m.addthis.com https://bat.bing.com https://bam.nr-data.net/ https://bat.bing.com/ https://ekr.zdassets.com/ https://www.google-analytics.com https://stats.g.double.analytics.js https://assets.iglobalstores.com/ wss://widget-mediator.zopim.com/ https://*.listrak.com/ https://*.listrakbi.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://oc.listrakbi.com/coupon https://enews.aeroprecisionusa.com/ https://aeroprecisionsupport.zendesk.com/ https://aeroprecision-app.quantummetric.com/ https://rl.quantummetric.com/ https://region1.google-analytics.com https://aorta.clickagy.com https://hemsync.clickagy.com https://maps.googleapis.com https://vimeo.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.service.elfsight.com *.yotpo.com swellrewards.com *.swellrewards.com *.kaptcha.com *.authorize.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://api2.authorize.net wss://widget-mediator.zopim.com https://onsite-api.listrak.com https://product.listrakbi.com https://bl.listrakbi.com https://stats.g.doubleclick.net https://aeroprecision-app.quantummetric.com https://rl.quantummetric.com https://sandbox-lending-api.credova.com https://lending-api.credova.com 'self' 'unsafe-inline'; default-src 'self' 'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self'; 1 script-src 'self' https://cloud.typography.com/7315076/7256812/css/fonts.css siteimproveanalytics.com ; object-src 'none'; img-src *.siteimproveanalytics.io 1 form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com oppwa.com *.oppwa.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src *.gstatic.com *.google.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com cdn1.stamped.io stamped.io *.zdassets.com 'self' 'unsafe-inline'; font-src *.gstatic.com fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com cdn1.stamped.io stamped.io *.cloudflare.com *.googleapis.com *.zopim.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; style-src *.googleapis.com fonts.googleapis.com *.klevu.com *.ksearchnet.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com oppwa.com *.oppwa.com cdn1.stamped.io stamped.io *.cloudflare.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; connect-src *.googleapis.com *.google.com *.gstatic.com s.yimg.com in.visitors.live dsp-trk.eskimi.com dsp-ap.eskimi.com sslwidget.criteo.com wss://in.visitors.live analytics.tiktok.com/* portal.immerss.live *.linkedin.com *.creativecdn.com wss://ws.hotjar.com *.istore.co.za *.tiktok.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io oppwa.com *.oppwa.com cdn1.stamped.io stamped.io *.testfreaks.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com vsb111.tawk.to ekr.zdassets.com app.mobicredwidget.co.za wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src *.google.com ams.creativecdn.com portal.immerss.live *.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com oppwa.com *.oppwa.com data:text *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com capitracking.istore.co.za analytics.twitter.com t.co sp.analytics.yahoo.com pixel.rubiconproject.com cm.g.doubleclick.net r.casalemedia.com eb2.3lift.com simage2.pubmatic.com contextual.media.net sync-t1.taboola.com exchange.mediavine.com s.ad.smaato.net match.sharethrough.com jadserve.postrelease.com c.bing.com sync.outbrain.com rtb-csync.smartadserver.com secure.adnxs.com ib.adnxs.com ads.yahoo.com ups.analytics.yahoo.com dis.criteo.com *.doubleclick.net *.linkedin.com *.tribalfusion.com sync.go.sonobi.com istore.co.za widgets.magentocommerce.com 'unsafe-inline' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com oppwa.com *.oppwa.com cdn1.stamped.io stamped.io *.cloudflare.com *.google.lv *.google.co.za *.google.com.na *.google.na *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.azurewebsites.net maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src *.google.com *.googleapis.com *.gstatic.com capitracking.istore.co.za s.yimg.com platform2.cloud-iq.com static.ads-twitter.com rookdsp.com dsp-media.eskimi.com portal.immerss.live snap.licdn.com tags.creativecdn.com *.tiktok.com *.tribalfusion.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io *.oppwa.com oppwa.com cdn1.stamped.io stamped.io *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.klevu.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.facebook.com maps.googleapis.com static.zdassets.com app.mobicredwidget.co.za www.gstatic.com bam.nr-data.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/families_google 1 report-uri /upload/csp/csp.php; report-to csp-endpoints 1 report-uri https://52723791ca12811bfedec52ea4c44290.report-uri.com/r/d/csp/reportOnly; default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; object-src 'none'; frame-src *; frame-ancestors *; form-action 'self' 1 frame-ancestors 'none'; report-uri https://13fc2e96c75baedc98bc60c37c2c93be.report-uri.com/r/d/csp/wizard; script-src 'strict-dynamic' 'nonce-PSP28fZYlkZu9QGRDAfS6Q=='; 1 object-src 'none';base-uri 'self';script-src 'nonce-gWtzc9tfRMfOxSdKIRgblw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqui-moly.com liquimoly.cloudimg.io *.twofour.dev data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twofour.dev 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ js.mollie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqi-moly.com walls.io *.walls.io *.cookiebot.com *.amazon-adsystem.com insight.adsrvr.org *.facebook.com *.twofour.dev 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com *.cloudimg.io *.liqi-moly.com liquimoly.cloudimg.io *.google.de *.google.com *.facebook.com *.twofour.dev data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com/ js.mollie.com liquimoly.cloudimg.io *.scaleflex.it *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqi-moly.com walls.io *.walls.io *.cookiebot.com *.google-analytics.com *.googleadservices.com maps.googleapis.com googleapis.com connect.facebook.net service.liqui-moly.de *.twofour.dev 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.liqui-moly.com walls.io *.walls.io liquimoly.cloudimg.io *.twofour.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liqi-moly.com walls.io *.walls.io *.cookiebot.com *.analytics.google.com *.twofour.dev 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' data: blob: *.armstrong.com *.armstrongceilings.com armstrongceilings.my.salesforce-sites.com d2qrdklrsxowl2.cloudfront.net fonts.gstatic.com www.google-analytics.com *.akamaihd.net brightcove.hs.llnwd.net *.brightcove.com *.media.brightcove.com manifest.prod.boltdns.net fast.fonts.net ;style-src 'self' 'unsafe-inline' fast.fonts.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com fonts.googleapis.com display.ugc.bazaarvoice.com s7d9.scene7.com player.interactivity.brightcove.com;form-action 'self' *.armstrong.com *.armstrongceilings.com armstrongceilings.tfaforms.net *.salesforceliveagent.com *.la3-c2-ia4.salesforceliveagent.com www.facebook.com api.bazaarvoice.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.armstrong.com *.armstrongceilings.com *.bazaarvoice.com *.outbrain.com *.salesforceliveagent.com *.ugc.bazaarvoice.com assets.adobedtm.com connect.facebook.net d2qrdklrsxowl2.cloudfront.net googleads.g.doubleclick.net lib-us-3.brilliantcollector.com players.brightcove.net siteintercept.qualtrics.com snap.licdn.com vjs.zencdn.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com znbmda84ti8npbglj-armstrong.siteintercept.qualtrics.com *.googleapis.com html5.dcatalog.com *.google.com display.ugc.bazaarvoice.com www.gstatic.com s7d9.scene7.com *.mountain.com armstrongceilings.tfaforms.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net *.analytics.google.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 player.interactivity.brightcove.com;frame-src *;img-src 'self' data: blob: *;connect-src 'self' *.akamaihd.net *.armstrong.com *.armstrongceilings.com *.brightcove.com *.qualtrics.com *.hapyak.com cdn.linkedin.oribi.io armstrong.tt.omtrdc.net brightcove.hs.llnwd.net dpm.demdex.net edge.api.brightcove.com lib-us-3.brilliantcollector.com manifest.prod.boltdns.net stats.g.doubleclick.net *.googleapis.com s7d9.scene7.com www.facebook.com *.google.com forms.hubspot.com *.google-analytics.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105 px.ads.linkedin.com;object-src players.brightcove.net 1 object-src 'none';base-uri 'self';script-src 'nonce-smnOLN8VXS3eqjUjpmWAtw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-OUW8W0YCgjelLq0MifZVrg=='; base-uri 'none'; img-src 'self' blob: data: https://secure.gravatar.com; object-src 'none'; frame-ancestors 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self'; default-src 'none' 1 default-src 'self'; style-src 'self' 'unsafe-inline' ; img-src data: *; media-src data: blob: *; font-src data: *; worker-src blob: ; child-src 'self' youtube.com *.youtube.com yastatic.net mc.yandex.ru mc.yandex.com yandex.md *.yandex.md; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ru09.ru yandex.ru *.yandex.ru yastatic.net; script-src-attr 'unsafe-inline'; connect-src 'self' yandex.com *.yandex.com yandex.ru *.yandex.ru yandex.net *.yandex.net yandexmetrica.com ymetrica1.com http://127.0.0.1:* yandexmetrica.com:* yandex.md *.yandex.md ;report-uri /ajax.php?do=csp_report 1 default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1 script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=kiGtQCZ35Q3G68RPpVwFOD.7chrOWe.nCrAbg.94sas-1711587865-1.0.1.1-oYVxFHzmDDjdxdi0A17uLK5oRRioqFyEMFijuG22O.HyegjP27rmvNO5eNZPJ7Skn2bQzcyhtxTjniVKYByoGGoP2dVlJPqyH6WM6OG8_LmBnV3DLogoRfDTTFtrOspbnlO.gMO9QiApoj6vDVq3OA; report-to cf-csp-endpoint 1 default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri https://65bb19d961e5f181cebc2978.endpoint.csper.io?v=0; form-action 'self'; frame-ancestors 'none'; object-src 'none'; frame-src 'self'; worker-src 'none'; manifest-src 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.adbr.io *.fontawesome.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.adabra.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.cookiebot.com *.youtube.com *.hotjar.com *.adbr.io ad4m.at *.ad4m.at service.force.com *.marketingspray.com *.criteo.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io maps.googleapis.com *.ad4m.at ih.adscale.de rtb-csync.smartadserver.com simage2.pubmatic.com dsum-sec.casalemedia.com *.twiago.com ad.yieldlab.net *.marketingspray.com *.adform.net *.clarity.ms *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldmo.com *.krxd.com *.thebrighttag.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.newrelic.com *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.hotjar.com *.adbr.io ad4m.at pushpad.xyz service.force.com *.salesforceliveagent.com *.marketingspray.com *.shippypro.com *.kk-resources.com *.farmae.it *.clarity.ms *.googleoptimize.com *.tiktok.com *.dwin1.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.scalapay.com b2c-cdn.scalapay.com maps.googleapis.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.adbr.io service.force.com *.shippypro.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com unsafe-inline fonts.googleapis.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com pagead2.googlesyndication.com consentcdn.cookiebot.com *.adbr.io *.googleapis.com *.shippypro.com pushpad.xyz *.clarity.ms *.tiktok.com *.criteo.com sdk.privacy-center.org api.privacy-center.org pmp-sdk.privacy-center.org *.hotjar.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-OpF_MpRRwvIMSskeAIjHmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' shop2gether.com.br *.shop2gether.com.br shop2gether.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com gstatic.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.shop2gether.com.br shop2gether.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 font-src https://fonts.gstatic.com *.fontawesome.com * maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.paypal.com https://www.googletagmanager.com https://www.google.com https://www.vimeo.com https://f.vimeocdn.com https://adyen.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com https://pal-live.adyen.com https://amazon.com https://www.yotpo.com https://int-ecommerce.nexi.it *.kasanova.com * https://www.googletagmanager.com/ accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.gstatic.com https://www.vimeo.com https://f.vimeocdn.com *.googleapis.com *.ggpht https://ecommerce.nexi.it *.cloudfront.net *.kasanova.com * https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com https://www.vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.googleapis.com https://f.vimeocdn.com *.gstatic.com https://googleads.g.doubleclick.net *.clerk.io https://int-ecommerce.nexi.it *.kasanova.com https://assets.livestory.io https://js-agent.newrelic.com *.consentcdn.cookiebot.com/ * http://www.googletagmanager.com/ https://www.googletagmanager.com/ accounts.google.com cdn.scalapay.com b2c-cdn.scalapay.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com * *.fontawesome.com accounts.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://assets.livestory.io https://api.livestory.io *.nr-data.net https://www.google-analytics.com https://int-ecommerce.nexi.it *.kasanova.com *.googleapis.com * http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ accounts.google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.superoffice.com *.addthis.com *.google.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.chartbeat.com optanon.blob.core.windows.net *.brightcove.net *.brightcove.com *.googleadservices.com *.adservice.google.com https://adservice.google.com/* adservice.google.com.br *.googletagmanager.com *.tagmanager.google.com *.chimpstatic.com chimpstatic.com *.jquery.com *.zencdn.net *.ytimg.com *.surveymonkey.com *.googleapis.com *.facebook.net *.googletagservices.com *.addthis.com *.google-analytics.com *.onetrust.com *.ampproject.org *.doubleclick.net *.google.com *.mailchimp.com *.addthisedge.com *.youtube.com *.google.co.uk *.list-manage.com *.outbrain.com *.twitter.com *.twimg.com *.googlesyndication.com *.moatads.com *.radioplayer.co.uk *.cheqzone.com *.rubiconproject.com *.cookielaw.org *.cloudflareinsights.com *.instagram.com *.apester.com *.snap.licdn.com *.doubleverify.com *.aniview.com *.vidazoo.com *.ajax.cloudflare.com *.licdn.com *.pinterest.com *.embedresponsively.com *.amazonaws.com *.apester.com/* *.forces.liveblog.pro *.forces.liveblog.pro/* *.strawpoll.com *.freewheel.tv *.lkqd.net *.beachfront.com *.smartadserver.com *.aniview.com *.admanmedia.com *.improvedigital.com *.onetag.com *.indexexchange.com *.pubmatic.com *.rhythmone.com *.video.unrulymedia.com *.gstatic.com *.newrelic.com cdn.jsdelivr.net cdn.bidder.dev c.amazon-adsystem.com quantcast.mgr.consensu.org secure.quantserve.com rules.quantcount.com static.criteo.net *.dotomi.com *.tiktok.com *.google.ie *.ibytedtos.com *.tiktokcdn.com chartbeat.com *.media.net *.sharethrough.com *.openx.com *.sonobi.com *.districtm.io *.emxdgt.com *.appnexus.com *.google.com *.rhythmone.com *.33across.com *.lemmatechnologies.com *.e-planning.net *.themediagrid.com *.sovrn.com *.lijit.com *.gumgum.com *.nr-data.net *.ttwstatic.com *.thinglink.com *.thinglink.me *.defybrick.com e.infogram.com; frame-src 'self' 'unsafe-eval' *.addthis.com *.googlesyndication.com *.facebook.com/ *.outbrain.com *.twitter.com *.surveymonkey.com embeds.audioboom.com *.rubiconproject.com *.apester.com *.openx.net *.pinterest.com *.instagram.com *.embedresponsively.com *.youtube.com *.pubmatic.com *.forces.net *.google.com *.bfbs.com apester.com/* forces.liveblog.pro forces.liveblog.pro/* *.strawpoll.com/ timbre-player.sharp-stream.com *.chartbeat.com chartbeat.com *.tiktok.com googleads.g.doubleclick.net gum.criteo.com pre.ads.justpremium.com console.googletagservices.com giphy.com *.giphy.com e.infogram.com *.thinglink.com *.thinglink.me; child-src 'self' 'unsafe-inline' 'unsafe-eval' blob: apester.com/* forces.liveblog.pro/* *.strawpoll.com/; upgrade-insecure-requests 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.carrefour.ro carrefour.ro *.google.com www.googletagmanager.com *.googletagmanager.com facebook.com *.prefixbox.com *.tiktok.com *.jsdelivr.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.carrefour.ro carrefour.ro facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.googletagmanager.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com *.carrefour.ro carrefour.ro *.krxd.net *.hotjar.com *.jsdelivr.net *.btdirect.ro *.tiktok.com *.prefixbox.com facebook.com *.google.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.googletagmanager.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com *.carrefour.ro carrefour.ro facebook.com *.krxd.net *.google.com www.googletagmanager.com *.tiktok.com *.prefixbox.com *.jsdelivr.net *.newrelic.com bam.eu01.nr-data.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.carrefour.ro carrefour.ro chimpstatic.com www.googletagmanager.com *.krxd.net *.jsdelivr.net *.prefixbox.com *.tiktok.com *.cookielaw.org *.hotjar.com facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.carrefour.ro carrefour.ro *.jsdelivr.net *.prefixbox.com *.tiktok.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.carrefour.ro carrefour.ro *.cookielaw.org *.krxd.net *.hotjar.com *.jsdelivr.net *.prefixbox.com *.newrelic.com bam.eu01.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';script-src 'self' https://www.googletagmanager.com/gtag/js;style-src 'unsafe-inline' https://meebits.app;object-src 'none';base-uri 'self';connect-src 'self' https://ethgasstation.info https://min-api.cryptocompare.com https://www.google-analytics.com;font-src 'self';frame-src 'self';img-src 'self' data: https://images.meebits.app;manifest-src 'self';media-src 'self';worker-src 'none';frame-ancestors 'self'; 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com https://fonts.gstatic.com data: https://fonts.intercomcdn.com https://*.yotpo.com https://*.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca https://*.trustpilot.com http://*.trustpilot.com https://*.hotjar.com https://*.affirm.com *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.doubleclick.net/ https://*.facebook.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca https://www.google.com https://track.hubspot.com https://*.intercom.io https://static.intercomassets.com https://*.intercomcdn.com https://sp.analytics.yahoo.com https://*.facebook.com https://*.amazonaws.com https://*.infusionsoft.app https://www.googletagmanager.com https://*.akamaihd.net https://px.ads.linkedin.com https://p.adsymptotic.com https://ssl.gstatic.com https://www.gstatic.com https://*.bing.com https://*.hsforms.com https://*.clarity.ms https://*.wistia.com https://cdn.auth0.com https://p.adsymptotic.com https://www.google.co.uk https://heapanalytics.com https://*.yotpo.com https://content-faculty.blueprintprep.com www.xtento.com cdn.xtento.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com https://*.gstatic.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://tagmanager.google.com https://*.google.com https://googleads.g.doubleclick.net https://*.trustpilot.com http://*.trustpilot.com https://*.newrelic.com https://*.nr-data.net https://*.intercom.io https://*.intercomcdn.com https://*.hotjar.com https://*.bing.com https://*.licdn.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.impactradius-event.com http://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://js.hubspot.com https://*.hs-banner.com https://*.hs-scripts.com https://*.facebook.net https://app.convertful.com https://*.affirm.com https://*.pdst.fm *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.infusionsoft.app https://*.infusionsoft.com https://*.clarity.ms https://vision.duel.me/duel-analytics.js https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.jquery.com https://*.cloudflare.com https://*.yotpo.com https://*.heapanalytics.com https://*.greenhouse.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://tagmanager.google.com https://fonts.googleapis.com https://*.yotpo.com https://*.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.intercom.io https://*.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com p13n-mr.adobe.io *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca https://www.googletagmanager.com https://*.google-analytics.com https://*.yimg.com https://sp.analytics.yahoo.com https://*.hubspot.com https://*.hotjar.com https://app.convertful.com https://*.affirm.com https://*.intercom.io wss://*.intercom.io https://*.newrelic.com https://*.nr-data.net https://*.paypal.com https://us-central1-adaptive-growth.cloudfunctions.net *.auth0.com https://cdn.auth0.com https://*.auth0.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.wistia.com https://*.hsforms.net https://*.hsforms.com https://*.trustpilot.com https://*.litix.io wss://*.hotjar.com https://*.yotpo.com https://*.google.com https://*.hscollectedforms.net https://*.pfx.io https://edge.adobedc.net https://*.greenhouse.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Gh2nSDdmgOKZD3flfe_kLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.it/shp_ita_it/webformat_csptools/report/; 1 default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.teststagram.com *.instagram.com static.cdninstagram.com *.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.instagram.com *.teststagram.com static.cdninstagram.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.instagram.com *.cdninstagram.com wss://*.instagram.com:* 'self' *.teststagram.com wss://edge-chat.instagram.com connect.facebook.net about.instagram.com;font-src *.facebook.com data: fonts.gstatic.com *.fbcdn.net *.instagram.com *.teststagram.com static.cdninstagram.com *.intern.facebook.com;img-src *.instagram.com *.facebook.com *.fbcdn.net data: blob: *.cdninstagram.com *.fbsbx.com android-webview-video-poster: *.giphy.com *.teststagram.com *.igsonar.com *.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data:;worker-src *.instagram.com/static_resources/webworker_v1/init_script/ *.instagram.com/static_resources/webworker/init_script/ *.instagram.com/static_resources/sharedworker/init_script/ *.instagram.com/www-service-worker.js;block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1 default-src 'self'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; upgrade-insecure-requests; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://5b0dfxfhuka0vuk5ju0see3i.httpschecker.net/report 1 object-src 'none';base-uri 'self';script-src 'nonce-QHQsJYLcN_EXjHl2gjbrKg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Lj8ytFjTQMqbyqeVQK7DgA==' 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; script-src 'nonce-5cfc44efbaa44c45935094ef7c27870e' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; style-src 'self' 'nonce-5cfc44efbaa44c45935094ef7c27870e' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.newworld.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://dqzvgunkova5o.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=146-9136576-3865733:rid=854761910A824C158CE5:sn=www.newworld.com 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://*.movidesk.com fonts.gstatic.com static.sizebay.technology 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors https://*.cartstack.com.br https://*.directtalk.com.br https://*.soclminer.com.br https://*.pinimg.com sslwidget.criteo.com api.linximpulse.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com www.youtube.com *.weltpixel.com https://*.movidesk.com https://*.criteo.net dtbot.directtalk.com.br api.sunset.systems https://*.soclminer.com.br i.btg360.com.br https://*.criteo.com https://*.pinterest.com https://*.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://cdn.mundipagg.com https://api.pagar.me i.ytimg.com https://*.com https://*.net https://*.tv https://*.com.br https://*.co https://*.io https://*.fi https://*.it 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com js.iugu.com kaptcha.iugu.com *.googletagmanager.com *.facebook.net *.avada.io *.mlstatic.com *.mercadopago.com *.pagseguro.com.br https://yeesco.s3.amazonaws.com https://*.movidesk.com https://*.yeesco.com.br https://*.jquery.com https://*.shoptarget.com.br googleads.g-static.co static.shopback.net js.adstart.com.br api.pushio.com static.ads-twitter.com plausible.io moneribr.blob.core.windows.net https://*.directtalk.com.br googleads.g.doubleclick.net www.googletagmanager.com https://*.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net u.heatmap.it app.cartstack.com.br conectiva.io s.pinimg.com plugins.soclminer.com.br static.socialminer.com https://*.yourviews.com.br https://*.lomadee.com i.btg360.com.br staticfiles.yviews.com.br https://*.sizebay.technology suite.linximpulse.net https://*.criteo.com static.criteo.net tag.rmp.rakuten.com https://*.segmentify.com https://*.sgmntfy.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.movidesk.com www5.directtalk.com.br fonts.googleapis.com https://*.soclminer.com https://*.soclminer.com.br staticfiles.yviews.com.br service.yourviews.com.br static.sizebay.technology https://*.segmentify.com https://*.sgmntfy.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com https://api.mundipagg.com https://api.pagar.me cdn.plyr.io noembed.com https://*.sizebay.technology https://*.retargeter.com.br https://*.movidesk.com https://*.shoptarget.com.br ckies.net https://*.shopback.net plausible.io pixel.adstart.com.br front.shopconvert.com.br www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net ct.pinterest.com api.performa.ai https://*.yourviews.com.br https://*.soclminer.com.br https://*.linximpulse.net https://*.chaordicsystems.com https://*.socialminer.com https://*.tiktok.com https://*.yeesco.com.br https://*.sgmntfy.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self'; frame-src 'self'; img-src 'self' data: https://img.airtel.tv https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com; style-src report-sample 'self' 'unsafe-inline'; script-src report-sample 'self' 'unsafe-inline' https://app.link/_r https://cdn.branch.io/branch-latest.min.js https://www.googletagmanager.com/gtag/js https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_cards.min.latest.js https://cdn.moengage.com/webpush/moe_webSdk_webp.min.latest.js; 1 script-src 'nonce-619MtTGyafW+fYqXB0bvMw==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=QFCEPw0nkAB6m2moWY4KNrKzqDN0eYOUzrqOwzmK83K4gBqTK9Ydv2uMmFatO9Tnpwc=&policy_id=10&user_id=&request_id=006048b4-1c15-4d40-8688-ebff2c9b597b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 default-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https://*.vipleiloes.com.br https://*.provedor.space https://streaming01.vplpar.com:5443; media-src 'self' https:; form-action 'self' https:; base-uri 'self'; frame-ancestors 'self' https://*.vipleiloes.com.br https://streaming01.vplpar.com:5443; object-src 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-BrnTUo78Gim2jgg0vwluNQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://client.crisp.chat *.fontawesome.com *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com www.promessedefleurs.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com p.monetico-services.com www.promessedefleurs.com 'self' 'unsafe-inline'; frame-ancestors www.promessedefleurs.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com www.promessedefleurs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://image.crisp.chat https://images.unsplash.com *.jardindupicvert.com *.promessedefleurs.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie www.promessedefleurs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com https://client.crisp.chat *.avada.io https://cdnjs.cloudflare.com https://unpkg.com/pwacompat *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://client.crisp.chat *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com www.promessedefleurs.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.promessedefleurs.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.promessedefleurs.com https://get.geojs.io *.avada.io *.openstreetmap.org *.arcgis.com *.google-analytics.com *.doubleclick.net www.promessedefleurs.com 'self' 'unsafe-inline'; child-src www.promessedefleurs.com http: https: blob: 'self' 'unsafe-inline'; default-src www.promessedefleurs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 'img-src' 'blob' 'default-src' 'self' 'unsafe-inline' 'unsafe-eval' 'blob' blob: http://blog-cms.weddingz.in https://stats.g.doubleclick.net https://securesentry.oyorooms.io https://code.getmdl.io https://assets.pinterest.com https://graph.facebook.com *.s3.amazonaws.com https://api.instagram.com https://api.pinterest.com https://connect.facebook.net *.cloudfront.net https://ds-aksb-a.akamaihd.net *.googleapis.com *.gstatic.com *.criteo.com *.criteo.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://m.weddingz.in https://media.weddingz.in https://js-agent.newrelic.com https://assets.oyoroomscdn.com https://maxcdn.bootstrapcdn.com https://weddingz.in https://www.youtube.com https://tagmanager.google.com *.instagram.com https://instagram *.tile.openstreetmap.org; report-uri /private_apis/content-security-violation/ 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.snapchat.com www.speedway.com cdn.clarip.com *.facebook.com *.demdex.net www.googletagmanager.com *.gstatic.com sc-static.net cdn.jsdelivr.net assets.adobedtm.com olivia.paradox.ai www.google.com *.googleapis.com *.facebook.net assets.speedway.com www.google-analytics.com edge.adobedc.net adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: l.evidon.com *.rfihub.net c.evidon.com somni.bluebird.com www.google.com *.doubleclick.net *.demdex.net *.rfihub.com *.gstatic.com www.googletagmanager.com assets.adobedtm.com adservice.google.com *.omtrdc.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-T38Ztev4v-hfmx_91_QpNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.mktoutil.com bat.bing.com borrower-shared.fundingcircle.com cdn-account.optimonk.com *.optimizely.com dataplane.rum.eu-west-1.amazonaws.com cdn.polyfill.io cdn.redoc.ly *.googlesyndication.com cognito-identity.eu-west-1.amazonaws.com api.honeybadger.io www.google-analytics.com fc-uk-documents-production.s3.eu-west-1.amazonaws.com www.google.co.uk static.fundingcircle.com region1.analytics.google.com api.segment.io assets-fca.fundingcircle.com api.neuro-id.com *.doubleclick.net www.fundingcircle.com *.clarity.ms www.google.es borrower-api.fundingcircle.com front.optimonk.com analytics.google.com cdn.cookielaw.org *.cloudfront.net wa-us.fundingcircle.com www.google.nl ekr.zdassets.com *.gstatic.com assets-frontend.fundingcircle.com cdn.segment.com munchkin.marketo.net operation-diameter.fundingcircle.com *.mktoresp.com click.prod.mplat-ppcprotect.com www.google.ie sts.eu-west-1.amazonaws.com wa.fundingcircle.com *.youtube-nocookie.com img.shields.io content-uk.fundingcircle.com *.hotjar.com gs-cdn.optimonk.com api.addressy.com metrics.hotjar.io use.typekit.net *.facebook.com polyfill.io www.google.fr *.googleapis.com vc.hotjar.io api.cmp.inmobi.com *.licdn.com www.google.de www.google.com onsite.optimonk.com cmp.inmobi.com www.googletagmanager.com otel-collector.fundingcircle.com api.trustpilot.com *.linkedin.com widget.trustpilot.com *.facebook.net cdnjs.cloudflare.com jfapiprod.optimonk.com www.consumersadvocate.org js.honeybadger.io us-production-loan-application-documents.s3.us-east-1.amazonaws.com w.usabilla.com fc-auth-api.fundingcircle.com api.amplitude.com content.hotjar.io api.eu.amplitude.com eu-images.contentstack.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 policy 1 script-src 'nonce-NEW5tNsPIlj59EoYvJVOzA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=58524fc5-cb4d-48a3-b145-9ad2dd6afdf3; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com gstatic.com ytimg.com reliefweb.int; object-src 'none'; script-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com https://*.google.com https://*.googletagmanager.com cdn.jsdelivr.net *.google-analytics.com https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://response.reliefweb.int/report-uri/reportOnly 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.mercurycards.com edge.fullstory.com tattle.api.osano.com use.fontawesome.com *.okta.com *.twitter.com www.googletagmanager.com logs.mercurycards.com rs.fullstory.com *.gstatic.com *.qualtrics.com www.google.com.ph api.cybersource.com cmp.osano.com staticimages.mercurycards.com hcaptcha.com 1.b406929acabac9b095f124c81bdfcf57f.com wss://mpsnare.iesnare.com www.google.com adservice.google.com *.linkedin.com t.co 1.c81358859121583b7adf2ace89cb39f44.com www.google-analytics.com *.licdn.com *.googleusercontent.com wup.mercurycards.com *.facebook.com *.ads-twitter.com go.mercurycards.com consent.api.osano.com mpsnare.iesnare.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com pixel.locker2.com *.facebook.net bcdn-god.we-stats.com thefontzone.com *.amazon-adsystem.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors 'self' *.cfwnet.org http://www.cfwnet.org http://cfwnet.org www.cfwnet.org; report-uri /ocapi/Public/report-uri/csp; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: prod2-live-chat.sprinklr.com *.sprinklr.com www.google.ae www.google.jo js-agent.newrelic.com *.snapchat.com *.ads-twitter.com *.visualwebsiteoptimizer.com *.googleapis.com www.osn.com www.google.com www.google.tn bam.nr-data.net www.google.com.pk www.google.com.qa analytics.pangle-ads.com www.google-analytics.com *.doubleclick.net www.googletagmanager.com images.tv.osn.com www.google.com.ly analytics.osn.com www.google.dz www.google.com.eg content.osn.com region1.google-analytics.com *.facebook.com tags.bkrtx.com *.gstatic.com www.youtube.com *.twitter.com *.facebook.net www.google.co.uk eu1.clevertap-prod.com www.google.com.sa region1.analytics.google.com analytics.google.com www.google.com.bh cdnjs.cloudflare.com *.cloudfront.net www.google.com.om www.google.co.ma t.co *.tiktok.com sc-static.net *.bluekai.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src https://*.gstatic.com https://fonts.gstatic.com https://widgets.xsellco.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com account.fetchify.com *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://*.gstatic.com *.sharethis.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com *.klarna.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.sharethis.com cc-cdn.com https://widgets.xsellco.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.sharethis.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none' ; img-src 'self' data: https://blob.userflow.com https://cdn.userflow.com https://js.userflow.com https://storage.googleapis.com/studio1-prod-blob/ * ; connect-src 'self' https://browser-intake-datadoghq.eu https://rum.browser-intake-datadoghq.eu https://logs.browser-intake-datadoghq.eu https://session-replay.browser-intake-datadoghq.eu https://api.analytics.pigment.app https://cdn.analytics.pigment.app https://auth.pigment.app https://staging-login.pigment.app wss://pigment.app wss://e.userflow.com https://cdn.userflow.com https://e.userflow.com https://js.userflow.com https://inapp.planhat.com https://analytics.planhat.com https://rs.fullstory.com wss://rs.fullstory.com https://edge.fullstory.com https://global.oktacdn.com https://api.segment.io https://cdn.segment.com ; script-src 'self' cdn.analytics.pigment.app edge.fullstory.com rs.fullstory.com js.userflow.com cdn.userflow.com app.planhat.com cdn.announcekit.app cdn.segment.com ; frame-src announcekit.co auth.pigment.app staging-login.pigment.app ; style-src 'self' 'unsafe-inline' js.userflow.com cdn.userflow.com fonts.googleapis.com cdn.announcekit.co ; worker-src blob: ; font-src 'self' fonts.gstatic.com data: ; manifest-src 'self' ; object-src 'none' ; media-src https://blob.userflow.com https://cdn.userflow.com https://storage.googleapis.com/studio1-prod-blob/ ; frame-ancestors https://pigmentsa-dev-ed.lightning.force.com/ https://pigmentsa-dev-ed--c.visualforce.com/; base-uri 'self' ; form-action https://announcekit.co ; report-uri https://pigment.uriports.com/reports/report ; report-to report ; 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.de https://www.myheritage.de 'unsafe-eval' 'nonce-5c2b5fbe6addd466d0f15af0b61c842b' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.de;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 object-src 'none';base-uri 'self';script-src 'nonce-8uZV6OxXxyJtV1Eh0RTyfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src 'self' https://www.google-analytics.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.googletagmanager.com https://www.google.fi https://bam.nr-data.net *.bing.com wss://*.bing.com *.clarity.ms https://www.facebook.com https://locationservice.posti.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.swogo.net *.zdassets.com *.zopim.com *.zendesk.com wss://*.zopim.com *.sync.ksync.fi *.ksync.k-rauta.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net *.via.placeholder.com *.google.com *.google.se *.google.no *.google.fr *.google.co.uk *.google.ru *.google.de *.google.es *.google.dk *.google.nl https://survey.feedbackly.com *.sync.kesko.fi https://js.testfreaks.com *.optimizely.com; img-src 'self' data: *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com images.contentful.com images.ctfassets.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://maps.googleapis.com *.bing.com *.microsoft.com https://www.facebook.com https://img.youtube.com *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net https://giosg-chat-public-eu.s3.amazonaws.com *.ytimg.com *.videoly.co *.wistia.com *.wistia.net *.swogo.net https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.io *.sync.ksync.fi *.via.placeholder.com *.vumbnail.com *.sync.kesko.fi *.images.testfreaks.com; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com 'unsafe-inline' data: *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.swogo.net *.cloudfront.net *.googleoptimize.com *.sync.ksync.fi https://sync.kesko.fi; frame-src 'self' *.doubleclick.net *.youtube.com *.youtu.be https://utm.keskoanalytics.com/ https://keskoanalytics.s3.eu-central-1.amazonaws.com sdx.microsoft.com https://www.facebook.com https://plussa.com/ https://www.plussa.com https://www.prkk.fi https://games.kesko.fi https://www.kromo.eu *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.kesko.fi http://krauta-fi.stage.rautakesko.episerverhosting.com *.stage.rautakesko.episerverhosting.com *.prod.rautakesko.episerverhosting.com *.thinglink.com https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi https://sync.ksync.fi https://widget.trustpilot.com *.vimeo.com *.optimizely.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com *.analytics.google.com *.googletagmanager.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.bing.com *.giosg.com *.cloudfront.net https://optimize.google.com *.googleoptimize.com https://sync.kesko.fi; script-src 'self' 'unsafe-inline' *.keskofiles.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com *.analytics.google.com *.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://r.bing.com https://connect.facebook.net *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net 'unsafe-eval' *.videoly.co *.swogo.net *.cloudfront.net https://optimize.google.com www.googleoptimize.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.kesko.fi *.kesko.se *.sync.ksync.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.k-rauta.fi https://widget.trustpilot.com https://sync.kesko.fi *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com https://scandit.com https://ssl.scandit.com; style-src-elem 'self' 'unsafe-inline' https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi *.k-rauta.fi https://sync.kesko.fi; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com *.bing.com *.clarity.ms https://connect.facebook.net *.giosg.com *.adform.net *.giosgusercontent.com *.krxd.net *.videoly.co *.swogo.net *.cloudfront.net https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.k-rauta.fi https://widget.trustpilot.com https://survey.feedbackly.com https://sync.kesko.fi *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com *.optimizely.com; media-src videos.contentful.com videos.ctfassets.net *.zdassets.com; default-src *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net; report-uri https://www.k-rauta.fi/csp-report; 1 font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.zopim.com *.zopim.io *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com 'self' 'unsafe-inline'; frame-ancestors *.google.com *.gstatic.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io *.useinsider.com https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr https://www.youtube.com http://www.sandbox.paypal.com www.paypal.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.bing.com *.zopim.com *.zopim.io *.google.co.in *.mastercard.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.media.net *.360yield.com *.outbrain.com *.rubinproject.com *.sharethrough.com *.smartadserver.net *.taboola.com *.teads.tv *.3lift.com *.emxdgt.com *.adform.net *.omnitagjs.com *.sync.com *.ivitrack.com *.mediavine.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.semasio.net *.krxd.net *.thebrighttag.com *.smartadserver.com *.yahoo.com https://id5-sync.com *.rubiconproject.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.garanti.com.tr *.bing.com *.zopim.com *.zdassets.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.rossmann.com.tr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.bing.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr *.vimeo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudflare.com https://stats.g.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io *.masterpassturkiye.com *.iyzipay.com *.bkm.com.tr *.akbank.com.tr *.yapikredi.com.tr *.garanti.com.tr *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com *.mncdn.com *.personaclick.com *.mnmedya.com *.ipaper.io https://*.useinsider.com wss://*.useinsider.com *.tiktok.com *.googleoptimize.com *.creativecdn.com https://buysoci.al https://*.amazonaws.com *.criteo.com *.rossmann.com.tr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-pu3juUMPbpwLobSUJuog9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.nl https://www.myheritage.nl 'unsafe-eval' 'nonce-f7cabc0cc42cfc5dd64b3133198bbe54' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.nl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.es https://www.myheritage.es 'unsafe-eval' 'nonce-24c060c4623c888c5c4902f475407b0e' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.es;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self' 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com t.co *.qualtrics.com www.mercadopago.com.mx *.googleapis.com magento-recs-sdk.adobe.net *.ads-twitter.com analytics.google.com *.clarity.ms commerce.adobedc.net www.mercadolibre.com unpkg.com sdk.mercadopago.com l.sharethis.com *.doubleclick.net commerce.adobe.io *.gstatic.com events.mercadopago.com http2.mlstatic.com *.facebook.com api.mercadopago.com bam.nr-data.net *.crazyegg.com commerce.adobedtm.com www.google-analytics.com api.mercadolibre.com *.facebook.net t.sharethis.com www.google.com.mx mcstaging.chopo.com.mx www.googletagmanager.com *.twitter.com adservice.google.com *.licdn.com ws.sharethis.com js-agent.newrelic.com *.linkedin.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'strict-dynamic' 'nonce-VEM2KDERuE5F/cbZhdv7dA=='; 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com staticw2.yotpo.com static.klaviyo.com *.fontawesome.com *.alothemes.com *.magepow.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.youtube.com tpc.googlesyndication.com pinterest.com tr.snapchat.com ct.pinterest.com paymentcapture.resin.com payments.amazon.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.azureedge.net *.highlights.com bat.bing.com ct.pinterest.com log.pinterest.com markhor.organicfruitapps.com cdn-vzn.yottaa.net p.yotpo.com collector-9323.us.tvsquared.com tr2.smarterhq.io login.dotomi.com login-ds.dotomi.com sp.analytics.yahoo.com t.co instagram.com d3k81ch9hvuctc.cloudfront.net global.smarterhq.io assets.bounceexchange.com events.bouncex.net tr.snapchat.com idr.cdnwidget.com c.bing.com bam.nr-data.net c.clarity.ms https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.smarterhq.io *.highlights.com s.pinimg.com bat.bing.com autolinkmaker.itunes.apple.com collector-9323.us.tvsquared.com assets.pinterest.com payments.qa-cloud.buysub.com identity.qa-cloud.buysub.com static.klaviyo.com s.yimg.com platform.twitter.com static.ads-twitter.com analytics.twitter.com www.google.com www.googleoptimize.com tpc.googlesyndication.com staticw2.yotpo.com https://api.bounceexchange.com/ assets.bounceexchange.com js-agent.newrelic.com/ lsdm.co mpsnare.iesnare.com *.mpsnare.iesnare.com wss://mpsnare.iesnare.com static-tracking.klaviyo.com bam.nr-data.net tag.wknd.ai track.securedvisit.com *.clarity.ms sc-static.net paymentcapture.resin.com cdn.quantummetric.com analytics.tiktok.com paymentcapture-staging.resin.com static-na.payments-amazon.com *.siteintercept.qualtrics.com *.abtasty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.highlights.com payments.qa-cloud.buysub.com static.klaviyo.com use.typekit.net p.typekit.net staticw2.yotpo.com *.fontawesome.com https://static.klaviyo.com *.alothemes.com *.magepow.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.highlights.com ct.pinterest.com stats.g.doubleclick.net bat.bing.com tr2.smarterhq.io payments-api.qa-cloud.buysub.com static-forms.klaviyo.com telemetrics.klaviyo.com a.klaviyo.com s.yimg.com staticw2.yotpo.com bam.nr-data.net adservice.google.com wss://mpsnare.iesnare.com *.clarity.ms *.cdnbasket.net tr.snapchat.com pd.cdnwidget.com static-na.payments-amazon.com dfp.bouncex.net events.bouncex.net analytics.tiktok.com highlights-app.quantummetric.com *.siteintercept.qualtrics.com *.abtasty.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.alothemes.com *.magepow.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com *.abtasty.com 'self' 'unsafe-eval'; base-uri 'self'; report-uri https://highlights.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-C6v_zTNC1YJ83SYYnEhpng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com *.bootstrapcdn.com *.paypalobjects.com *.gladly.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.facebook.com *.facebook.net *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://plumrocket.com *.weltpixel.com *.facebook.com *.paypal.com *.yotpo.com *.creditguard.co.il *.vimeo.com vimeo.com *.googletagmanager.com *.google.com *.xtento.com *.doubleclick.net *.gladly.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://cdn.cardknox.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * speedsize.com *.speedsize.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.gstatic.com *.googleadservices.com *.facebook.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il *.google.com.sg *.google.co.uk *.google.de https://www.google *.magentocommerce.com *.paypal.com *.paypalobjects.com *.ytimg.com *.web-view.net *.googleapis.com *.nagich.co.il vimeo.com *.vimeo.com *.tilebar.com *.zdassets.com *.pxlecdn.com *.cloudfront.net *.roomvo.com *.byondxr.com *.searchspring.net *.gladly.com *.edgecastcdn.net *.doubleclick.net *.bing.com *.pinterest.com *.optimizely.com *.adnxs.com *.pubmatic.com *.adingo.jp *.adingo.com *.creativecdn.com *.yahoo.com *.yahoo.net *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com speedsize.com *.speedsize.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.fontawesome.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.analytics.com *.rawgit.com *.nagich.co.il *.luckyorange.com *.xtento.com *.paypal.com *.paypalobjects.com *.forsixty.com *.criteo.com *.searchspring.io *.searchspring.net *.roomvo.io *.roomvo.com *.cloudflareinsights.com *.optimizely.com *.turnto.com *.pixlee.com *.pxlecdn.com *.byondxr.com *.cloudflare.com *.gladly.com *.smooch.io *.bing.com *.creativecdn.com *.pinimg.com *.particularaudience.com *.googletagservices.com *.googlesyndication.com cnstrc.com getrockerbox.com/ *.adnxs.com *.adingo.jp *.adingo.com *.cnstrc.com *.tilebar.com *.pinterest.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com https://cdn.cardknox.com/ifields/2.15.2309.2601/ifields.min.js *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com speedsize.com *.speedsize.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.turnto.com *.gladly.com *.google.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com speedsize.com *.speedsize.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.doubleclick.net *.analytics.com *.facebook.com *.google-analytics.com *.nagich.co.il player.vimeo.com *.luckyorange.com *.googleapis.com wss://realtime.luckyorange.com wss://in.visitors.live/socket.io wss://in.visitors.live/socket.io/ *.zdassets.com *.searchspring.io *.searchspring.net *.roomvo.io *.roomvo.com cloudflareinsights.com *.cloudflareinsights.com *.optimizely.com *.turnto.com *.byondxr.com unpkg.com *.unpkg.com *.gladly.com *.smooch.io *.creativecdn.com *.pinimg.com *.particularaudience.com *.googletagservices.com *.googlesyndication.com *.pinterest.com *.cnstrc.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com speedsize.com *.speedsize.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' https://player.vimeo.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://static.queue-it.net https://assets.queue-it.net https://www.youtube.com https://player.vimeo.com https://cdn.jsdelivr.net 'nonce-ImLOCP2PgShIgBFD1RCeBPxRnrJqO1c8WRS01VLePZM='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://vimeo.com https://cdn.jsdelivr.net; worker-src 'self' blob:;report-to https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7b365ff4e383a8c546d53da7507a6fc0&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=booker 1 frame-src 'self' https://*.adyen.com *.cookiebot.com https://apps.apple.com https://*.zebet.fr https://*.zebet.com https://*.zebet.be https://*.zebet.es https://*.zebet.nl https://*.zeturf.be https://*.zeturf.com https://*.zeturf.es https://*.zeturf.fr https://*.zeturf.nl https://*.m-itrust.com https://*.redsys.es https://*.apata.io https://*.abanca.com https://*.n26.com https://*.postfinance.ch https://*.ing.fr https://*.monext.fr https://*.ing.com https://*.vinea.es https://*.verifiedbyvisa.com https://*.cic.fr https://*.cm-cic.com https://*.creditmutuel.fr https://*.modirum.com https://*.gbp.ma https://*.cornercard.ch https://*.wlp-acs.com ; report-uri /en/webservice/api/report-csp 1 require-trusted-types-for 'script'; base-uri 'none'; object-src 'none'; script-src 'self' 'sha256-VUe4dOmI6AU+F7Lx/KlcO2BRlAtDZCZqVMLIy8HZd4A=' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com 1 object-src 'none';base-uri 'self';script-src 'nonce-wHXA7lepF2uXH6sPWMFUYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.vita4you.gr *.googletagmanager.com *.adobe.com www.googleadservices.com www.google-analytics.com *.googleapis.com vimeo.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.contactpigeon.com assets.vita4you.gr *.newrelic.com *.nr-data.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com 'self' data: *.skroutz.gr *.cloudflare.com *.twitter.com *.twimg.com *.usercentrics.eu *.bing.com *.zdassets.com *.google.com *.google.gr *.clarity.ms/ *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.contactpigeon.com assets.vita4you.gr *.google.gr *.skroutz.gr *.zopim.com *.moosend.com *.cloudflare.com td.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widget-v3.boxnow.gr/ widget-v5.boxnow.cy *.skroutz.gr *.contactpigeon.com *.hotjar.com *.facebook.com td.doubleclick.net widget-v3.boxnow.gr *.clarity.ms/ *.bing.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://trustmark.gr *.tiktok.com *.contactpigeon.com assets.vita4you.gr *.vita4you.gr *.googleapis.com *.gstatic.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.skroutz.gr *.moosend.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.io td.doubleclick.net *.facebook.com *.mastercard.com *.google.com *.google.gr *.googletagmanager.com *.clarity.ms/ *.klevu.com *.ksearchnet.com https://meetanshi.com/media/logo.png flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ 'self' data: *.tiktok.com *.googletagmanager.com *.googleapis.com *.vita4you.gr *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.contactpigeon.com assets.vita4you.gr *.newrelic.com *.nr-data.net *.paypal.com *.google.com *.hotjar.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.youtube.com *.skroutz.gr skroutza.skroutz.gr *.cloudflare.com *.google.gr https://trustmark.gr/badge/dist/index.js https://static.adman.gr/adman.js https://greca.adman.gr cdn.omnicliq.com/ss.js *.clarity.ms/ *.bing.com *.debugbear.com *.klevu.com *.ksearchnet.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googletagmanager.com www.googleadservices.com www.google-analytics.com *.googleapis.com vimeo.com *.vita4you.gr *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.contactpigeon.com assets.vita4you.gr *.newrelic.com *.nr-data.net *.fontawesome.com *.trustpilot.com cdn.jsdelivr.net *.skroutz.gr *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.bing.com *.hotjar.com *.clarity.ms/ *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: *.contactpigeon.com assets.vita4you.gr *.google.gr *.zopim.com *.skroutz.gr *.moosend.com *.cloudflare.com 'self' 'unsafe-inline'; manifest-src assets.vita4you.gr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.mastercard.com *.google.com *.google.gr *.googletagmanager.com *.tiktok.com *.contactpigeon.com assets.vita4you.gr *.paypal.com td.doubleclick.net https://googleads.g.doubleclick.net/ *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.skroutz.gr *.cloudflare.com api.zevioo.com https://pagead2.googlesyndication.com ss.vita4you.gr *.bing.com *.clarity.ms/ *.debugbear.com *.klevu.com *.ksearchnet.com *.addthis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self'; report-uri https://www.weeklytimesnow.com.au/csp-reports 1 object-src 'none';base-uri 'self';script-src 'nonce-IiJbrWX5_S1x02E6ZEMG4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.adsrvr.org *.google.com *.doubleclick.net *.optimizely.com *.facebook.com *.cookielaw.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com embed.signalintent.com *.optimizely.com cdn.segment.com *.googleapis.com www.googletagmanager.com www.google.com www.gstatic.com *.btttag.com *.bing.com *.app-us1.com *.adsrvr.org *.doubleclick.net *.cookielaw.org www.google-analytics.com *.mypurecloud.com *.googleadservices.com *.pure.cloud *.aptrinsic.com *.bootstrapcdn.com js.monitor.azure.com *.facebook.net *.facebook.com trackcmp.net extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com dfy3oyzv6dw2d.cloudfront.net;style-src 'self' 'unsafe-inline' use.fontawesome.com use.typekit.net embed.signalintent.com p.typekit.net *.mypurecloud.com *.googleapis.com *.aptrinsic.com *.jsdelivr.net *.bootstrapcdn.com extractable-finalytics-storage.s3.us-west-2.amazonaws.com extractable-finalytics-stable.s3.us-west-2.amazonaws.com dfy3oyzv6dw2d.cloudfront.net;img-src 'self' data: bat.bing.com *.google.com www.google-analytics.com content-cdn.com *.gstatic.com *.googleapis.com www.googletagmanager.com *.facebook.net *.facebook.com *.adsrrvr.org *.doubleclick.net *.yahoo.com *.cookielaw.org *.googlesyndication.com;font-src 'self' use.fontawesome.com embed.signalintent.com use.typekit.net *.mypurecloud.com *.gstatic.com *.googleapis.com *.cloudfront.net data:;connect-src 'self' ws: wss: *.googlesyndication.com signal-intent-production-back.herokuapp.com cdn.segment.com *.optimizely.com *.cookielaw.org calc-backend-prod.herokuapp.com d.btttag.com *.googleapis.com www.google-analytics.com api.segment.io *.doubleclick.net *.alaskausa.org *.bing.com *.aptrinsic.com *.episerver.net *.visualstudio.com *.google.com *.facebook.com finalyticsdata.com devfinalyticsdata.com stgfinalyticsdata.com;block-all-mixed-content 1 default-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; script-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googletagmanager.com https://*.googletagmanager.com https://epoq-systems.de http://epoq-systems.de https://*.epoq-systems.de http://*.epoq-systems.de https://epoq.de http://epoq.de https://*.epoq.de http://*.epoq.de https://google.com https://*.google.com https://googleanalytics.com https://*.googleanalytics.com https://google-analytics.com https://*.google-analytics.com https://googlesyndication.com https://*.googlesyndication.com https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://googleadservices.com https://*.googleadservices.com bat.bing.com https://*.hotjar.com https://*.hotjar.io https://datatrans.com https://*.datatrans.com https://cookielaw.org https://*.cookielaw.org https://*.trustpilot.com *.kameleoon.eu 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com exlibris.azureedge.net exlibris.blob.core.windows.net https://epoq.de https://*.epoq.de https://migros.ch https://*.migros.ch https://*.google.de https://*.google.ch https://*.google.com https://*.google.it https://*.google.li https://*.google.tn https://*.google.co.uk https://*.google.com.sa https://*.google.ba https://google-analytics.com https://*.google-analytics.com https://google-analytics.ch https://*.google-analytics.ch https://google.com https://*.google.com https://analytics.google.com https://*.analytics.google.com https://analytics.google.ch https://*.analytics.google.ch https://googleapis.com https://*.googleapis.com bat.bing.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://cookielaw.org https://*.cookielaw.org https://onetrust.com https://*.onetrust.com https://onetrust.io https://*.onetrust.io https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://hotjar.com https://raygun.io https://*.raygun.io *.kameleoon.io; style-src 'self' 'unsafe-inline' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://googleapis.com https://*.googleapis.com https://google.com https://*.google.com fast.fonts.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de; img-src 'self' dhttps data: https://baqend.com https://*.baqend.com https://exlibris.ch https://*.exlibris.ch https://googletagmanager.com https://*.googletagmanager.com exlibris.azureedge.net https://epoq-systems.de https://*.epoq-systems.de https://epoq.de https://*.epoq.de http://epoq-systems.de http://*.epoq-systems.de http://epoq.de http://*.epoq.de https://gstatic.com https://*.gstatic.com https://googleapis.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://doubleclick.net https://*.doubleclick.net https://g.doubleclick.net https://*.g.doubleclick.net https://googlesyndication.com https://*.googlesyndication.com https://*.google.de https://*.google.ch https://*.google.at https://*.google.fr https://*.google.hr https://*.google.dz https://*.google.nl https://*.google.es https://*.google.it https://*.google.li https://*.google.lu https://*.google.sc https://*.google.si https://*.google.co.uk https://*.google.co.in https://*.google.com https://*.google.com.pa https://*.google.com.ph https://*.google.com.gh https://*.google.com.tr https://*.google.com.br https://*.google.com.cy https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io bat.bing.com https://cookielaw.org https://*.cookielaw.org optanon.blob.core.windows.net exlibris.blob.core.windows.net https://migros.ch https://*.migros.ch https://ytimg.com https://*.ytimg.com; media-src 'self' data https://exlibris.ch https://*.exlibris.ch exlibris.blob.core.windows.net https://*.phononet.de/ exlibris.azureedge.net; frame-src 'self' https://exlibris.ch https://*.exlibris.ch https://google.de https://*.google.de https://google.com https://*.google.com https://googletagmanager.com https://*.googletagmanager.com https://googlesyndication.com https://*.googlesyndication.com https://youtube.com https://*.youtube.com https://datatrans.com https://*.datatrans.com https://bic-media.com https://*.bic-media.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://doubleclick.net https://*.doubleclick.net https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://tradedoubler.com https://*.tradedoubler.com https://blickinsbuch.de https://*.blickinsbuch.de https://book2look.com https://*.book2look.com https://postfinance.ch https://*.postfinance.ch https://viseca.ch/ https://*.viseca.ch/ https://bonuscard.ch/ https://*.bonuscard.ch/ https://3ds.bonuscard.ch/ https://*.3ds.bonuscard.ch/ https://arcot.com/ https://*.arcot.com/ https://*.trustpilot.com; font-src 'self' data https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com https://gstatic.com https://*.gstatic.com https://google.com https://*.google.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io; manifest-src 'self' https://exlibris.ch https://*.exlibris.ch https://baqend.com https://*.baqend.com; frame-ancestors 'self' https://exlibris.ch https://*.exlibris.ch; report-uri /loc/csp-report 1 base-uri 'self'; default-src 'self'; connect-src 'self' https://cdn.contentful.com https://graphql.contentful.com https://*.abtasty.com https://api.jardiland.com https://*.sentry.io https://api.axept.io https://client.axept.io https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://auth.jardiland.com https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://www.google.com https://www.google.fr https://*.contentsquare.net https://adservice.google.com https://analytics.google.com https://uberall.com https://geo.api.gouv.fr https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://s3.eu-west-1.amazonaws.com https://storage.googleapis.com https://izanami-api.tooling.invivodigitalfactory.com https://api-adresse.data.gouv.fr https://www.bonial.fr https://www.bonialserviceswidget.de https://trackingapi.bonial.fr https://bonialconnect.com https://analytics.tiktok.com https://maps.googleapis.com https://ct.pinterest.com https://lp.jardiland.com https://www.googleapis.com/geolocation/v1/geolocate 'self' false http://localhost:3000; font-src 'self' data: https://bonialconnect.com https://*.uberall.com https://fonts.gstatic.com 'self' https://*.abtasty.com; form-action 'self' https://*.be2bill.com/ https://*.dalenys.com/ https://www.facebook.com; frame-ancestors https://app.contentful.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://*.be2bill.com https://*.dalenys.com/ https://ct.pinterest.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https://res.cloudinary.com https://images.ctfassets.net https://axeptio.imgix.net https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://ade.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.fr https://www.google.com https://www.google.be https://www.google.it https://www.google.de https://www.google.es https://www.google.ch https://www.google.co.uk https://content-media.bonial.biz https://bonialconnect.com https://publisher-media-old.bonial.biz https://maps.googleapis.com https://maps.gstatic.com https://*.uberall.com https://ct.pinterest.com https://favicons.axept.io https://ct.pinterest.com 'self' https://assets.jardiland.com https://*.abtasty.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.abtasty.com https://www.googletagmanager.com https://static.axept.io https://connect.facebook.net https://*.contentsquare.net https://*.dalenys.com https://googleads.g.doubleclick.net https://bonialconnect.com https://maps.googleapis.com https://uberall.com https://*.uberall.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.fr https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://france.conversiontoolbox.net https://analytics.tiktok.com https://s.pinimg.com https://lp.jardiland.com 'self' false 'nonce-KhZH+EYIiZAD+u3NXUBdng=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'self' https://*.abtasty.com; worker-src blob: 1 connect-src 'self' 6sense.com *.6sense.com 6sc.co *.6sc.co acsbapp.com *.acsbapp.com adnxs.com *.adnxs.com agari.com *.agari.com company-target.com *.company-target.com demandbase.com *.demandbase.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.co.in *.google.co.in google.com *.google.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io hsforms.com *.hsforms.com hubspot.com *.hubspot.com linkedin.com *.linkedin.com litix.io *.litix.io nr-data.net *.nr-data.net omappapi.com *.omappapi.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com wistia.com *.wistia.com g2crowd.com *.g2crowd.com wss://ws.hotjar.com pagead2.googlesyndication.com adservice.google.com; default-src 'self'; font-src 'self' gstatic.com *.gstatic.com data: themes.googleusercontent.com fast.wistia.com; frame-src 'self' static.addtoany.com s.company-target.com consent.trustarc.com js.driftt.com x.adroll.com td.doubleclick.net fortra.outgrow.us; img-src 'self' data: secure.gravatar.com *.6sc.co *.helpsystems.com *.fortra.com www.coresecurity.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.omappapi.com track.hubspot.com *.trustarc.com *.hsforms.com dev.visualwebsiteoptimizer.com embed-ssl.wistia.com id.rlcdn.com segments.company-target.com fast.wistia.com x.adroll.com www.google.co.in www.google.ca ipv4.d.adroll.com www.google.com.ar www.google.co.uk px.ads.linkedin.com www.google.fi www.google.com.my www.google.it www.google.co.nz www.google.com.bd www.google.pl www.google.nl www.linkedin.com; media-src 'self' blob: embed-ssl.wistia.com; object-src 'self'; script-src 'self' 33across.com 6sc.co acsbapp.com adroll.com agari.com cloudflareinsights.com demandbase.com doubleclick.net g2crowd.com google-analytics.com googletagmanager.com hotjar.com *.agari.com *.33across.com *.6sc.co *.acsbapp.com *.adroll.com *.cloudflareinsights.com *.demandbase.com *.doubleclick.net *.g2crowd.com *.google-analytics.com getsmartacre.github.io *.getsmartacre.github.io *.googletagmanager.com *.hotjar.com hs-analytics.net *.hs-analytics.net hs-banner.com *.hs-banner.com hs-scripts.com *.hs-scripts.com hsforms.net *.hsforms.net hsleadflows.net *.hsleadflows.net hubspot.com *.hubspot.com intentsify.io *.intentsify.io licdn.com *.licdn.com newrelic.com *.newrelic.com omappapi.com *.omappapi.com trustarc.com *.trustarc.com usemessages.com *.usemessages.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com wistia.com *.wistia.com 'sha256-QGdp0ljQJ0iidDV0P52xF/pVLTBl8XZw/BZN7Wp3C6M=' addtoany.com *.addtoany.com 'sha256-DrNRwxb1e+98GdHlXlxIM0+OFQvH2M8cvaqOFbloKyw=' 'sha256-AkMX/lsA2MuhlogszMv7DXEVsVVtM4tWH29mKTyxHJk=' 'sha256-tQ/xQHJbpYC4OvqFLskjG/H+URKopxf8pFwcNJYvouU=' 'sha256-RhSW3VHyIM33OkPY6gg7vrL2NcW5Ms/WbNRvQiwKoYc=' 'sha256-8D8dEPWVT29qx5X7YYOS4LgaFRv7TWXZru0XP0gTbzg=' 'sha256-bQIPaGr9aIbpPAFo8/ifn27Q1QDyiozI48ADbBb+vFc=' 'sha256-SL83/XJXDYtmAwkPciOWy477WBm+1+7eA9nRnzGLpUA=' 'sha256-RIe0nOG9iuWT9XykOFx4qffffByjtUfsGjipXn8/o6w=' 'sha256-ZyEtbQegETkrDUL8eMmdlGkuBX6ZfS1FjXqJJqHUH1E=' 'sha256-NTrfK2AWitvKC80jLA+z3ohTHYK8OWKNlc8uecd7G8s=' driftt.com *.driftt.com 'sha256-iF51hwP8IBAv+fPuc9gZBlWEiquS8l34OSGZkOuMuLc=' 'sha256-MxYn/1PCuW3ycnAqM+sxl7EqKBbuGUOBLSIjqrRRX1A=' cloudflare.com *.cloudflare.com 'sha256-q+o79s/2v3kyn2KgqNj5UMXu6GhJL3C1AR4DgavQYTs=' 'sha256-RQ27XPhzgV7CA6Ii0127ZV3fJju4uzZcHD5lno3kKZM=' 'sha256-ivAGOBQj3CgbLlWmR35GDsy/V9pI9PY2QJI9oYIPATA=' 'sha256-ie2mNu4qAHIW1xLoCXaExN7pHbtvMKxAwAj66ZL20W0=' 'sha256-S6Erfq/TqN8CQj1PfcDLOezVwgyf7DHr/RdgKtqag2M=' 'sha256-y3p+BeHZv8Tcjz2kbbDY+1s3ds9b2+mkP6LZQPYFNJE=' 'sha256-sIgtaxywr6/TO7urivd83dA/0YwRJfcGNC4lCByLLG0=' 'sha256-FbKC/h+NnS6z8U8fJoITc8rinvsKOjxsRH0lZxd64gE=' 'sha256-I66AimRxl+69xdNjR6FWmQ8eWNwsHgWuFYxnZZM1UeI=' 'sha256-EKi+Um52ZYr2NP/LZWujrku6eluGchflZqNo0UgPQq8=' 'sha256-wI8MSIadO7n++39voIpaBxz6Ron/irRf6mK0GLWHaSE=' 'sha256-MC5Nm9GAiY2MjJ3gYHvnheAN8jJtDkiBC8KcccIJfY0=' 'sha256-i4aadpZdid9j3HWHuZI+cIZm1yMlOqVl90CLm0iEl+8=' 'sha256-gqwMmtvdbC677uz9VjkZBugo8T+GpyZhTv5uPRo3UcA=' 'unsafe-eval' 'sha256-vaDLdv2o4b+8iV9e9rWM3ABeKZEx+NvnbrlP/BNLft4=' 'sha256-NPqUzVP5+lvWHD6rHKo0DZ9cJ2+CDcAAyZxkFswHuAE=' 'sha256-4NnDKKm7eGg/67XScOGTWhoso+kRIOFnZirHDAnzU7Y=' 'sha256-liAF/nC7v/Alpzx1QMIiH5cetbnMY7JBrVUQG6mDRIs=' 'sha256-X3ENyBmYIzwaWlLGgYstDuGRE313ukLjZPaosBSmwzQ=' 'sha256-8u9Z217R4UwlgtSH/YSfu+en6qvTbm6wpuwcUNwl3mc=' 'sha256-dfIg75m7UvR6K27yS3QYE6Aa9RXwiaufJtcrCeUsNbM=' 'sha256-9O9Jy9OtqPrSyQvygmTJ7dnjQRa5OBZD5GhRjTZBQUw=' 'sha256-OEFjIoY1s5mx90qNdzURyrBsn/Ql0njM9HlP2mJyUhw=' 'sha256-33wfXQMBts+SamTlVRL6lkoEaM73xomPI4PdO3U+S78=' 'sha256-45fSwqNQfnWaWXe4n/mhHYnpDWQw5ud7hb45ubIz1W4=' 'sha256-l0Z81jZh6rZBY2u6x/xBxHo/ylOkYcvn2W361SfFT3Y=' 'sha256-NFHvmii43ohqGHWv/cMEYNFmgLTEXHAzvOmAGnEIjZs=' 'sha256-jl35KLQAfABo4F8z+/xBKkFy9HqyrPgZdBUjIzB6vkc=' 'sha256-4FvOU6CtyShmYC8h6h3gksqYXKBAkpqhqfP9HFueEwk=' 'sha256-WweXHIqc3lJWBnbQzcSq/xPtJd5ctmk3KhUeNpvNK8o=' dyv6f9ner1ir9.cloudfront.net 'sha256-D86GKf7JkVHwSvYAocMo+dDA0Ec167OyN4oc+fueWUM=' 'sha256-jd6A5h8PVeADKfUrRz5t9GCN+AeYnZClSt4O/OD5oz0='; style-src 'self' fonts.googleapis.com cdnjs.cloudflare.com *.fontawesome.com stackpath.bootstrapcdn.com *.omappapi.com 'unsafe-inline'; worker-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=vi5jiwvl8xYqSJf75u59CJTQZfxl5rkytKRPP1eTwZk-1711594254-1.0.1.1-pNY8w7EV0ygRumtmOQJfojoku7HAKIjXdOlHKk5toVNFiCCZujXmQITpGClE8EeXWHt2F.pxrRXt3XNH4KwtwesRrRgSLepUaNNuYRuRGQ.p7YqmOic0R5p1NeFTtUYngvsfWUYyE_6cBe6Hn_peznVOeNgFDuVj8QRzS2tEI1dWclqAudb7vckQ01MfbApowqDqMHm83n3n4IlSmgdPSQ; report-to cf-itnocntwfrezgrvz 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.innoship.ro https://www.googletagmanager.com/ *.wesupply.xyz https://wesupplylabs.com s.pinimg.com ct.pinterest.com consentcdn.cookiebot.com *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com *.tile.openstreetmap.org *.openstreetmap.org http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ cdn1.themarketer.com *.hsforms.net *.hsforms.com 'self' data: www.google.ro/ads www.facebook.com/tr analytics.tiktok.com *.google-analytics.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to cdn.jsdelivr.net *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.tbicp.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io cdn1.themarketer.com *.hsforms.net *.hsforms.com www.google.ro attr-2p.com cdnjs.cloudflare.com retargeting.newsmanapp.com analytics.tiktok.com https://connect.facebook.net s.pinimg.com ct.pinterest.com consent.cookiebot.com *.tawk.to cdn.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com cdn1.themarketer.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io cdn1.themarketer.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com https://connect.facebook.net analytics.tiktok.com *.analytics.google.com s.pinimg.com ct.pinterest.com *.tawk.to wss://*.tawk.to *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wss://oomessaging.service.signalr.net *.akamaihd.net skywest.dimelochat.com *.brightcove.net cdn.honey.io www.skywestonline.com *.gstatic.com manifest.prod.boltdns.net oomessaging.service.signalr.net ajax.aspnetcdn.com metrics.brightcove.com files-skywest-com.s3.us-west-2.amazonaws.com *.googleapis.com myswc.com www.googletagmanager.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cdn.landbot.io *.clarity.ms *.facebook.net content.hotjar.io static.landbot.io www.google.com.mx vc.hotjar.io *.gstatic.com *.googleapis.com *.hotjar.com www.google-analytics.com *.googleadservices.com analytics.google.com www.googletagmanager.com chats.landbot.io www.google.com *.facebook.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 img-src 'self' data: https: https://*.johnnybet.com/ https://*.johnnybet.ru/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://*.johnnybet.com/ https://*.johnnybet.ru/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.johnnybet.com/ https://*.johnnybet.ru/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://mc.yandex.ru/metrika/tag.js https://static.hotjar.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.ru/; media-src 'self' https://*.johnnybet.com/ https://*.johnnybet.ru/; frame-src 'self' http: https:; manifest-src 'self' https://*.johnnybet.com/ https://*.johnnybet.ru/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://mc.yandex.md/ https://mc.yandex.ru/ https://yandexmetrica.com:* https://*.johnnybet.com/ https://faye.johnnybet.com/faye https://*.johnnybet.ru/ 1 font-src *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' business.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com https://plumrocket.com *.hotjar.com *.addthis.com *.libsyn.com *.locally.com *.sheerid.com *.wayin.com *.newtonsoftware.com https://recruitingbypaycor.com/ *.curalate.com *.formstack.com *.trackcmp.net *.google-analytics.com *.nr-data.net data: *.typeform.com *.pagescdn.com *.yextpages.net business.facebook.com *.googleapis.com *.weltpixel.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com store.paradoxlabs.com *.google.com *.mageside.com mageside.com *.bc0a.com *.curalate.com *.s3.amazonaws.com *.amazonaws.com *.leupold.com *.googleapis.com *.gstatic.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.b0e8.com https://img.youtube.com business.facebook.com maps.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.gstatic.com *.authorize.net *.hotjar.com *.curalate.com *.app-us1.com *.avmws.com *.acsbapp.com acsbapp.com *.googleapis.com *.googletagmanager.com *.paypalobjects.com *.sheerid.com *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.cloudfront.net *.locally.com *.wayin.com *.activehosted.com *.newtonsoftware.com recruitingbypaycor.com *.leupold.com *.trackcmp.net *.google-analytics.com trackcmp.net *.vimeo.com *.apptrian.com *.facebook.com *.typeform.com *.sitescdn.net *.yextpages.net *.pagescdn.com *.b0e8.com *.bc0a.com *.kaptcha.com s7.addthis.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sheerid.com *.bootstrapcdn.com *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.typeform.com *.sitescdn.net tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src *.trackcmp.net *.hotjar.com *.google-analytics.com *.nr-data.net *.doubleclick.net *.typeform.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.authorize.net *.bc0a.com *.hotjar.com wss://*.hotjar.com *.addthis.com *.googleapis.com *.acsbapp.com *.curalate.com *.hotjar.io *.trackcmp.net *.google-analytics.com *.g.doubleclick.net *.typeform.com *.pagescdn.com *.yext.com *.yext-pixel.com *.kaptcha.com ekr.zdassets.com/ business.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-1heVN4EHtL99GXrLknqCQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net resources.directa24.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.attn.tv events.attentivemobile.com resources.directa24.com *.googleadservices.com *.gstatic.com *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://static.klaviyo.com *.fontawesome.com *.cloudflare.com https://fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.attn.tv events.attentivemobile.com directa24.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br *.mercadopago.com.br *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.pl https://www.myheritage.pl 'unsafe-eval' 'nonce-58cffe26ac69923d0c8dc04080c9c1f3' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 object-src 'none';base-uri 'self';script-src 'nonce-RnAxNLXaLiYtZxJC0X2eZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: get.geojs.io cdn.jsdelivr.net *.doubleclick.net www.google-analytics.com *.facebook.com bam.nr-data.net analytics.google.com netdna.bootstrapcdn.com code.jquery.com cdn.cookielaw.org www.youtube.com *.gstatic.com *.twitter.com d.tailtarget.com tags.t.tailtarget.com player.twitch.tv ipinfo.io static.addtoany.com js-agent.newrelic.com *.clarity.ms tt-10943-6.seg.t.tailtarget.com t.tailtarget.com *.googleapis.com t.co *.facebook.net www.google.com.br www.googletagmanager.com b.t.tailtarget.com cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src https:;frame-ancestors about: 'self';frame-src https://optimize.google.com *;style-src https://optimize.google.com https://fonts.googleapis.com https: data: 'unsafe-inline' *;script-src https://www.googleanalytics.com https://www.google-analytics.com https://optimize.google.com * 'unsafe-inline' 'unsafe-eval';img-src https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https: data: *;font-src https://fonts.gstatic.com data: *;object-src 'none';connect-src * ws: wss:; report-uri https://res.destinia.com/web/csp-violation-report-endpoint; report-to default; 1 base-uri 'self'; default-src 'self'; connect-src 'self' https://cdn.contentful.com https://graphql.contentful.com https://*.abtasty.com https://api.gammvert.fr https://*.sentry.io https://api.axept.io https://client.axept.io https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://auth.gammvert.fr https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://www.google.com https://www.google.fr https://*.contentsquare.net https://adservice.google.com https://analytics.google.com https://uberall.com https://geo.api.gouv.fr https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://s3.eu-west-1.amazonaws.com https://storage.googleapis.com https://izanami-api.tooling.invivodigitalfactory.com https://api-adresse.data.gouv.fr https://www.bonial.fr https://www.bonialserviceswidget.de https://trackingapi.bonial.fr https://bonialconnect.com https://analytics.tiktok.com https://maps.googleapis.com https://ct.pinterest.com https://lp.jardiland.com https://www.googleapis.com/geolocation/v1/geolocate 'self' false http://localhost:3000; font-src 'self' data: https://bonialconnect.com https://*.uberall.com https://fonts.gstatic.com 'self' https://*.abtasty.com; form-action 'self' https://*.be2bill.com/ https://*.dalenys.com/ https://www.facebook.com; frame-ancestors https://app.contentful.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://*.be2bill.com https://*.dalenys.com/ https://ct.pinterest.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https://res.cloudinary.com https://images.ctfassets.net https://axeptio.imgix.net https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://ade.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.fr https://www.google.com https://www.google.be https://www.google.it https://www.google.de https://www.google.es https://www.google.ch https://www.google.co.uk https://content-media.bonial.biz https://bonialconnect.com https://publisher-media-old.bonial.biz https://maps.googleapis.com https://maps.gstatic.com https://*.uberall.com https://ct.pinterest.com https://favicons.axept.io https://ct.pinterest.com 'self' https://assets.gammvert.fr https://*.abtasty.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.abtasty.com https://www.googletagmanager.com https://static.axept.io https://connect.facebook.net https://*.contentsquare.net https://*.dalenys.com https://googleads.g.doubleclick.net https://bonialconnect.com https://maps.googleapis.com https://uberall.com https://*.uberall.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.fr https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://france.conversiontoolbox.net https://analytics.tiktok.com https://s.pinimg.com https://lp.jardiland.com 'self' false 'nonce-4+HKUc8Xa0TwZKuW1BDrFg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'self' https://*.abtasty.com; worker-src blob: 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.google.com https://www.gstatic.com/recaptcha https://www.gstatic.com https://foodstandards.gov.au https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https://www.googletagmanager.com https://foodstandards.gov.au https://foodstandards.govt.nz data:; media-src 'self' data:; frame-src 'self' https://www.youtube.com https://www.google.com; font-src *.fonts.googleapis.com *.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit.fontawesome.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 object-src 'none';base-uri 'self';script-src 'nonce-AfkJyIfaT5OZimjRYom8QA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self'; connect-src 'self' https: https://loveholidays-dataplane.rudderstack.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com https://a.loveholidays.com https://www.googletagmanager.com https://sdk.primer.io; script-src 'self' 'unsafe-inline' https://a.loveholidays.com https://www.googletagmanager.com https://maps.googleapis.com https://*.g.doubleclick.net https://tagmanager.google.com; img-src 'self' https: data: blob: https://a.loveholidays.com; font-src 'self' data: https: https://a.loveholidays.com; media-src 'self' https: blob:; worker-src 'self' https: blob:; report-uri /csp-report/; report-to /csp-report/ 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=2ba50950-a719-4c08-90b7-e186a565159f-1711592000 1 connect-src 'self' data: *.fontawesome.com *.google-analytics.com *.doubleclick.net *.google.com googletagmanager.com *.acsbapp.com wss://webmessaging.usw2.pure.cloud *.pure.cloud *.userway.org *.alive5.com alive5.com;default-src 'self' data: d13qcyivyon4xf.cloudfront.net *.recollect.net www2.elpasotexas.gov *.piktochart.com elpasotx.citysourced.com alive5.com *.pure.cloud td.doubleclick.net *.userway.org *.powerbigov.us;font-src 'self' data: *.gstatic.com *.fontawesome.com *.jsdelivr.net *.typekit.net *.fastly.net acsbapp.com *.userway.org;img-src 'self' data: *.google.com *.googleapis.com *.google-analytics.com *.jsdelivr.net *.fastly.net *.recollect.net *.piktochart.com *.userway.org *.alive5.com;script-src 'self' 'nonce-1f0ecd002ebe247d' *.fontawesome.com *.googletagmanager.com *.google.com *.google-analytics.com *.gstatic.com *.jquery.com 'sha256-EFV8pmp/wh+U6PZamj4KQ0q8X4ZQK18tF7skjashMC0=' 'sha256-d470bixwKmL9bRvqX+/YcGn63ywAfKoybYPkM5Uytpg=' 'sha256-CWheM/qrotfHL9rkBHCUQoQJ26R59qBT9Y6zmdWMo4I=' *.cloudflare.com *.jsdelivr.net *.recollect.net 'sha256-GZcyqV0YX2St+S/OQczTu1wNNg/O+RTwzw2JTTta3P0=' googletagmanager.com acsbapp.com *.pure.cloud *.acsbapp.com 'sha256-EhQpu6NNucte8YbnJ4xqNQ3ZEr6lZr9OylXRM08U23w=' 'sha256-6LGMzcnzg+kSHN9kCfnGBfyFkTD5ralHy4kgX9bEKac=' *.userway.org alive5.com 'sha256-Ktbr5+uWaq/tdIzd+uSnzMynWRb8C1GgwNmidruZnl4=' *.elpasotexas.gov 'sha256-N/ojzpn0NH2iToAWgtz7/qj3VTBrzGc5Kq/wcHmeC9g=' 'sha256-32mhgs7qr26DY71TSkr2GH6b4cN1O1vqJZeD8VqK09E=';style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.google.com *.jsdelivr.net *.typekit.net *.fastly.net alive5.com *.userway.org; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com *.personalizer.ai data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klevu.com *.ksearchnet.com *.personalizer.ai *.eplaneta.ha.rs *.eplaneta.rs *.google.hr *.google.rs data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.klevu.com *.ksearchnet.com *.klevu.com *.personalizer.ai *.platforma-microservices.loc platforma-microservices.loc 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klevu.com *.ksearchnet.com *.personalizer.ai 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klevu.com *.ksearchnet.com *.personalizer.ai *.zsdevelopment.com *.platforma-microservices.loc platforma-microservices.loc *.remiks.com *.eplaneta.rs *.eplaneta.loc *.google.hr *.google.rs *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.gstatic.com data: *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; img-src https://www.google.com/pagead/1p-user-list/1006330028/?random=1661327724506&cv=9&fst=1661324400000&num=1&label=tXnKCO7515ICEKzB7d8D&bg=ffffff&guid=ON&u_h=1200&u_w=1920&u_ah=1160&u_aw=1920&u_cd=24&u_his=2&u_tz=180&u_java=false&u_nplug=5&u_nmime=2>m=2wg8m0&sendb=1&data=ecomm_pagetype%3Dhome&frm=0&url=https%3A%2F%2Fdomko.stenik.cloud%2F&tiba=%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%B7%D0%B0%20T%D0%B0%D0%BF%D0%B5%D1%82%D0%B8%20%7C%20%D0%9C%D0%BE%D0%BA%D0%B5%D1%82%D0%B8%20%7C%20%D0%9E%D1%81%D0%B2%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%BD%D0%B8%20&async=1&fmt=3&is_vtc=1&cid=CAQSMACsnQUxXY1ty335Q-oZoc0Ng5sw4MqUyNqMK17x-s44kqDdqYuUavuzYHB3OESkVA&random=3010647948&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net 'self' data: *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com t.elasticsuite.io *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; script-src www.googleadservices.com connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com http://www.googleadservices.com&async=1&rfmt=3&fmt=4 assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.avada.io https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.instagram.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://plumrocket.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.conforama.it *.flipsnack.com *.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.avis-verifies.com *.facebook.com https://*.google.com *.google.it *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.iubenda.com *.zdassets.com *.youtube.com *.facebook.com *.facebook.net *.newrelic.com *.nr-data.net *.klarna.com *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com https://analytics.tiktok.com/ https://widgets.rr.skeepers.io/ https://ehatec.quest/ https://*.googletagmanager.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.iubenda.com *.klarnacdn.net *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.zendesk.com *.zdassets.com *.iubenda.com *.googleapis.com *.doubleclick.net *.nr-data.net *.newrelic.com *.demdex.net *.aptrinsic.com *.klarnaevt.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net https://analytics.tiktok.com/ https://pilotech.store/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co https://www.youtube.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wargaming.net *.tvsquared.com *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com *.redditstatic.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com https://www.google.com.cy https://*.adform.net https://partner.worldoftanks.com https://*.wgcdn.co https://*.gcdn.co https://www.googleoptimize.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://u360.d-bi.fr https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.adroll.com https://*.addthis.com https://*.addthisedge.com https://tag.marinsm.com https://pixel-geo.prfct.co https://static.criteo.net https://stackadapt.com https://*.creative-serving.com https://*.criteo.com https://*.cloudfront.net https://js.gleam.io https://a1.adform.net https://ajax.googleapis.com https://www.youtube.com https://animate.adobe.com https://*.stackadapt.com https://pagead2.googlesyndication.com https://secure.quantserve.com https://rules.quantcount.com https://*.clarity.ms s.yimg.jp ; style-src 'self' 'unsafe-inline' *.wargaming.net https://fonts.googleapis.com https://*.wgcdn.co https://*.gcdn.co ; img-src 'self' data: android-webview-video-poster: * ; connect-src 'self' *.wargaming.net *.cookielaw.org *.onetrust.com *.outbrain.com *.snapchat.com s.yimg.jp https://sc-static.net https://ob.cheqzone.com https://analytics.google.com https://www.google.com wss://worldoftanks.ru wss://worldoftanks.eu wss://worldoftanks.asia wss://worldoftanks.com https://*.facebook.com https://www.googleoptimize.com https://*.addthis.com https://*.google-analytics.com https://*.analytics.google.com https://ymetrica1.com https://*.cloudfront.net https://google.com https://google.ru https://google.com.ua https://google.by https://google.pl https://*.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.clarity.ms s.yimg.jp https://collect.worldoftanks.asia ; font-src 'self' *.wargaming.net https://fonts.gstatic.com https://*.wgcdn.co https://*.gcdn.co ; media-src 'self' *.wargaming.net https://*.wgcdn.co https://*.gcdn.co ; frame-src 'self' *.wargaming.net https://tr.snapchat.com https://creativecdn.com https://*.adform.net https://*.facebook.com https://ad3.adfarm1.adition.com https://connect.facebook.net https://www.youtube.com https://bid.g.doubleclick.net https://*.criteo.com https://*.addthis.com https://gleam.io https://*.gcdn.co https://*.wgcdn.co https://aax-eu.amazon-adsystem.com ; object-src 'self' *.wargaming.net https://*.gcdn.co https://www.youtube.com ; report-uri https://cspreport.wargaming.net/cspreport 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=c876a810-e7c3-40bd-90cf-01acbcfcd311-1711591104 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.onlinegames22.com m.pgf-thzvvo.com *.googleapis.com play.gold88dragon.com update.82pgs3.com *.gstatic.com gameweb.rsgaming888.com lobby.gold88dragon.com m.pgf-thek63.com cdn.dcloud.net.cn wss://wss.m98tacc.com translate.google.com api-www.m98tamm.com www.recaptcha.net wbgame.bd33fgabh.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-src 'self' https://static.addtoany.com https://*.youtube.com https://mastdata.com https://bhcc.maps.arcgis.com https://bhccportal.icasework.com https://*.infogram.com https://*.youtube-nocookie.com https://umap.openstreetmap.fr https://*.google.com https://avlive.apprenticeships.org.uk https://public.tableau.com https://player.vimeo.com https://www.facebook.com https://afs.googlesyndication.com https://www.ons.gov.uk https://*.adsensecustomsearchads.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.google-analytics.com https://bhccportal.icasework.com https://*.infogram.com https://*.google.com https://*.brighton-hove.gov.uk https://partner.googleadservices.com https://public.tableau.com https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://cdn.ons.gov.uk assets.pinterest.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://stackpath.bootstrapcdn.com https://unpkg.com maps.google.com; frame-ancestors 'self'; report-uri https://www.brighton-hove.gov.uk/csp-report-uri/reportOnly 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' ws: *.nexiuslearning.com *.google-analytics.com *.etitan.hu *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.bootstrapcdn.com *.extremenet.hu stats.g.doubleclick.net www.youtube-nocookie.com; report-uri https://etitancsp.azurewebsites.net/api/eTitanCSP; 1 frame-ancestors 'self'; report-uri https://www.ntnews.com.au/csp-reports 1 script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-N9fqI62fCLRYuQaEm0f/0Q=='; ; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net js-agent.newrelic.com *.regence.com api-js.mixpanel.com *.googleapis.com maxcdn.bootstrapcdn.com beonbrand.getbynder.com alb.reddit.com id.rlcdn.com tags.srv.stackadapt.com jadserve.postrelease.com www.youtube.com use.typekit.net tags.tiqcdn.com *.pinterest.com *.doubleclick.net *.facebook.com *.gstatic.com *.online-metrix.net *.force.com www.redditstatic.com www.cambiahealthplanapis.com p.typekit.net *.serving-sys.com *.facebook.net www.google.com polyfill.io *.tealiumiq.com *.linkedin.com cdn.mxpnl.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src 'self' data: fonts.gstatic.com *.flightio.com at.alicdn.com; frame-ancestors 'self' *.flightio.com; report-uri https://flightiorp.report-uri.com/r/d/csp/reportOnly; 1 font-src www.searchanise.com *.searchserverapi.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.searchanise.com *.searchserverapi.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pagar.me searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.pagar.me https://viacep.com.br https://www.viacep.com.br api.amplitude.com stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-75f54df720eb4011b281f694e59c4a4a' https://www.maisa.fi 'self' https://apomato.maisa.fi/matomo/matomo.js;img-src https://* 'self' blob: data:;connect-src 'self' https://apomato.maisa.fi/matomo/matomo.js https://apomato.maisa.fi/matomo/matomo.php;style-src https://www.maisa.fi 'self' 'unsafe-inline';form-action 'self' https://testi.apro.tunnistus.fi https://tunnistautuminen.suomi.fi https://www.terveyskyla.fi;media-src https://* 'self'; 1 default-src 'self';font-src 'self' data:; connect-src 'self' https://region1.google-analytics.com/g/ https://pagead2.googlesyndication.com/pcs/ https://csi.gstatic.com/ https://securepubads.g.doubleclick.net/pagead/ https://securepubads.g.doubleclick.net/gampad/ https://pagead2.googlesyndication.com/getconfig/ https://securepubads.g.doubleclick.net/pcs/ https://pagead2.googlesyndication.com/pagead/; img-src 'self' data: https://tpc.googlesyndication.com/simgad/ https://www.google.com/ads/measurement/ https://pagead2.googlesyndication.com/pagead/ https://googleads.g.doubleclick.net/pagead/interaction/; script-src 'self' https://www.googletagservices.com/activeview/js/current/ https://www.googletagmanager.com/gtag/ https://cdn.jsdelivr.net/npm/ https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/ https://tpc.googlesyndication.com/pagead/js/; frame-src 'self' https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.google.com/ https://*.safeframe.googlesyndication.com/; style-src 'self' https://cdn.websitepolicies.io/lib/cookieconsent/ sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg= sha256-0MC35p+eS0qvYUz6lHA9LnfYiLiKhfTOglWIPjH5D8w= sha256-qYmbHlxTHA4tuhrYIiUGzy8pGe+z1JfZ07r86ElfSLY= sha256-HhdiwPT6NvHjIA9I6BIJ1crwfwF/RLkZ6B/Ne8+ViGY=; script-src-elem 'self' https://tpc.googlesyndication.com/sodar/ https://www.googletagmanager.com/gtag/ https://cdn.jsdelivr.net/npm/ https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/ https://tpc.googlesyndication.com/pagead/js/ https://www.googletagservices.com/activeview/js/current/ sha256-V0S+fmRK0Hmsobc2w0Z2CE32IjALvf5RquZuRauRFvU= sha256-v4iehfMPVAxwQ012LlsSWRHMyqeBE3Z9ENRn/I+Xk0M= sha256-69EwnDHWsQ4irmvEh17dq3FHd3y1igeNXNyY9vQBZkE= sha256-j9NAl2+a64GbwpZmf072Gq8I8ik8al+kl3m4a4K8pC4= sha256-ROmUPJM01pLcAVrlKZl897bPCvZZSvRYhpe/FO1GXbE= sha256-LtWaSvFUEWv7sOaPjVsol3KAfCaEN7BxF7aMl6FljMQ= sha256-LD7I/Iu6EmxMh65RLiHxRzj0Gp6Im9qBAI8o33lx7PY= sha256-sXHKixK4PZi7ib3RWc14e7OrIbXO4DOstMWP6YRDT5Y= sha256-5XvMNdq9U/5jwF9Z+i/86bWRZhtLqhI3nWa2aaBpDoY= sha256-xGvubHTdmgQTTWHO/V3KZf25US0DfKhLI4zdi5g1t9o= sha256-RVygF58q2xZ42y5zrYJuqc5VOcRNBL+bU32ZFahLSkI= https://cdn.websitepolicies.io/lib/cookieconsent/ sha256-JmouiLo6YM9zF29tAQ80x2LZp87+lxdvgPuTZQVJGeM= sha256-KDtgrxiynauc5ynvAQMhWdm2hK/Z8XCdxwEzsseDM50= sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=; 1 default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com/data https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sc.co https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com/pixel/collect https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; object-src 'none'; 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com d114hh0cykhyb0.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com google.com www.google.com *.google.com *.google.com.ua *.google.co.uk www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com superbrightleds.atlassian.net *.brevo.com sibautomation.com *.criteo.com *.nr-data.net *.trustpilot.com *.pinimg.com *.pinterest.com *.licdn.com *.linkedin.com *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.doubleclick.net https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://redchamps.com maps.gstatic.com livehelpnow.net *.livehelpnow.net *.placeholder.com *.cloudfront.net *.trustkeeper.net *.trustwave.com *.digicert.com dis.criteo.com tags.bluekai.com secure.adnxs.com sync.ad-stir.com *.yahoo.com *.360yield.com *.3lift.com *.addthis.com *.adnxs.com *.adscale.de *.advertising.com *.agkn.com *.amazon-adsystem.com *.bbb.org *.bidswitch.net *.bing.com *.casalemedia.com *.clmbtech.com *.contextweb.com *.criteo.com *.demdex.net *.dmxleo.com matching.ivitrack.com *.krxd.net *.liadm.com mcprod.superbrightleds.com *.media.net exchange.mediavine.com partner.mediawallahscript.com *.omnitagjs.com *.outbrain.com *.postrelease.com *.pubmatic.com *.revcontent.com *.rlcdn.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.socdm.com *.smartadserver.com *.stickyadstv.com *.taboola.com *.tapad.com *.teads.tv ad.tpmn.co.kr *.tremorhub.com *.turn.com *.yieldlab.net *.yieldmo.com *.zonos.com *.pinimg.com *.pinterest.com *.linkedin.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.google.com.ua *.google.co.uk *.googletagmanager.com *.doubleclick.net *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com superbrightleds.atlassian.net *.brevo.com sibautomation.com *.bugsnag.com *.digicert.com *.criteo.net *.newrelic.com *.criteo.com *.nr-data.net *.zonos.com *.trustpilot.com *.iglobalstores.com *.mixpanel.com *.mxpnl.com *.pinimg.com *.pinterest.com *.googleoptimize.com pageimprove.io *.licdn.com *.linkedin.com *.facebook.net *.livehelpnow.net *.luckyorange.com d10lpsik1i8c69.cloudfront.net *.bing.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.fontawesome.com d114hh0cykhyb0.cloudfront.net http://localhost:* *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.google.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.brevo.com *.bugsnag.com *.nr-data.net *.criteo.com *.zonos.com *.mixpanel.com *.doubleclick.net *.pinimg.com *.pinterest.com pageimprove.io *.facebook.com *.luckyorange.net *.mmapiws.com wss://www.superbrightleds.com:35729 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-QJ2QjNuT1IVIiIadXvkBpg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com media-wp.huntstand.com *.googlesyndication.com *.facebook.net static-tracking.klaviyo.com *.googleapis.com t.sharethis.com *.doubleclick.net assets.huntstand.com js.getlasso.co use.typekit.net a.klaviyo.com api.userway.org p.typekit.net cdn.userway.org app.huntstand.com c.ltmsphrcl.net buttons-config.sharethis.com vc.hotjar.io bat.bing.com data.stbuttons.click l.sharethis.com cdn77.api.userway.org *.gstatic.com lasso.link ka-p.fontawesome.com *.facebook.com platform-cdn.sharethis.com *.hotjar.com static.klaviyo.com platform-api.sharethis.com www.google-analytics.com sync.sharethis.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 img-src 'self' data: https://heapanalytics.com;default-src 'self';frame-ancestors 'self' *.emotiveapp.dev https://setup-shop.emotiveapp.co *.myshopify.com;style-src 'self' 'unsafe-inline' https://emotivecdn.io *.emotiveapp.dev fonts.googleapis.com;connect-src https://api.segment.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://emotivecdn.io *.emotiveapp.dev https://www.googletagmanager.com https://static.hotjar.com https://cdn4.mxpnl.com https://cdn.segment.com https://cdn.heapanalytics.com https://script.hotjar.com;font-src fonts.gstatic.com;frame-src https://vars.hotjar.com 1 frame-src 'self' https://www.google.com https://www.youtube.com https://vars.hotjar.com www.googletagmanager.com e.issuu.com *.recaptcha.net td.doubleclick.net; base-uri 'self'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample' *.gosh.nhs.uk www.gosh.nhs.uk feeds.trac.jobs *.googletagmanager.com www.cqc.org.uk e.issuu.com 'nonce-d8oDEwBHZHOKL8Mg'; img-src 'self' data: *.gosh.nhs.uk *.google-analytics.com *.googletagmanager.com i.ytimg.com *.cqc.org.uk *.gstatic.com *.google.com stats.g.doubleclick.net feeds.trac.jobs https://static.trac.jobs static.trac.jobs healthjobsuk.com services.postcodeanywhere.co.uk dx4nr741tfc02.cloudfront.net www.healthjobsuk.com 'sha384-YephmBv2489Q13yLaARSHqhDtSlHeIs5DEiq8I1fyh4aQcG+nRoz5Y6eWndd5cVz' *.onetrust.com cdn-ukwest.onetrust.com script.hotjar.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net www.google.co.uk https://analytics.google.com https://vc.hotjar.io https://in.hotjar.com https://content.hotjar.io https://csmetrics.hotjar.com metrics.hotjar.io wss://ws.hotjar.com surveystats.hotjar.io https://feeds.trac.jobs sentry.issuu.com stats.g.doubleclick.net translate.googleapis.com *.onetrust.com cdn-ukwest.onetrust.com adservice.google.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; manifest-src 'self' *.gosh.nhs.uk; style-src 'self' 'report-sample' 'unsafe-inline' services.postcodeanywhere.co.uk fonts.googleapis.com feeds.trac.jobs www.cqc.org.uk www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample' https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://feeds.trac.jobs feeds.trac.jobs 'nonce-d8oDEwBHZHOKL8Mg'; object-src 'none'; media-src 'self' gosh.shorthandstories.com cdn.plyr.io data: media.gosh.nhs.uk ssl.gstatic.com *.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com script.hotjar.com https://fonts.googleapis.com data:; default-src 'self' *.gosh.nhs.uk; report-uri https://o516378.ingest.sentry.io/api/5622733/security/?sentry_key=c5f8a650e74b48a889ccadeaa5014261&sentry_environment=production 1 font-src fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * photos.pixlee.co 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pixlee.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.pxlecdn.com *.pixlee.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://inbound-analytics.pixlee.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-AVhNC8OTodUghJyQ9XAe6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-uHF8DfiezSVLATtiowNRtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.americanmeadows.com *.privy.com *.richpanel.com *.ryzeo.com *.signifyd.com *.yotpo.com accounts.livechatinc.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.richpanel.com cdn.statstrk01.com cdnapisec.kaltura.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com x.klarnacdn.net cdn.cookielaw.org code.jquery.com api.bluecore.com www.redditstatic.com siteassets.bluecore.com ui.powerreviews.com assets.pinterest.com americanmeadows.formstack.com static.formstack.com ajax.googleapis.com static.powerreviews.com dynamic.criteo.com snap.licdn.com sslwidget.criteo.com widget.us.criteo.com *.paypal.com *.wistia.com *.howuku.com *.jsdelivr.net *.criteo.com *.paypalobjects.com *.clarity.ms *.convertexperiments.com measurement-api.criteo.com display.powerreviews.com *.powerreviews.com *.corvuscro.com mjbeisch.github.io *.noibu.com *.highcountrygardens.com *.hotjar.com *.stripe.com; report-uri /.webscale/csp-report 1 base-uri 'self'; child-src 'self' https: http://localhost:* data: blob:; connect-src 'self' https: http://localhost:* wss: data: blob:; default-src 'none'; font-src 'self' https: http://localhost:* http://themes.googleusercontent.com data:; form-action 'self'; frame-ancestors 'self' https://app.eu.pendo.io; frame-src 'self' https: http://localhost:* data: blob:; img-src 'self' https: data: blob:; media-src 'self' https: data:; script-src 'self' https: http://localhost:* blob: 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' https: http://localhost:* data: 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://linnworks17.report-uri.com/r/d/csp/reportOnly 1 script-src 'self' 'unsafe-inline' *.netlify.app https://ad.doubleclick.net https://api.usabilla.com https://apps.mypurecloud.de https://assets.adobedtm.com https://code.jquery.com/jquery-3.4.1.min.js https://connect.facebook.net https://googleads.g.doubleclick.net https://policy.app.cookieinformation.com https://px.ads.linkedin.com https://sc-static.net/sc-pixel-helper.min.js https://script.hotjar.com https://serve.albacross.com https://snap.licdn.com https://ssl.google-analytics.com/ga.js https://static.hotjar.com https://tdc.ladesk.com/scripts/track.js https://tdce.kontakt.tdc.dk https://translate.google.com https://translate.googleapis.com https://w.usabilla.com https://www.facebook.com https://www.google-analytics.com/analytics.js https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com ; frame-ancestors https://app.contentful.com ; report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-hO4oBhvvB7R3d1E3gDOtkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' bam.nr-data.net js-agent.newrelic.com tags.srv.stackadapt.com snap.licdn.com connect.facebook.net www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net translate.googleapis.com prod.ally.ac a.omappapi.com a.opmnstr.com yoda.unifyed.com www.googleadservices.com js.adsrvr.org translate.google.com cdn01.basis.net translate-pa.googleapis.com cdn.gtranslate.net tags.srv.stackadapt.com *.google.com; style-src 'self' 'unsafe-inline' cloud.typography.com tags.srv.stackadapt.com a.omappapi.com prod.ally.ac translate.googleapis.com fonts.gstatic.com fonts.googleapis.com www.gstatic.com; img-src 'self' my.unifyed.com px.ads.linkedin.com www.gstatic.com www.facebook.com www.google.com pixel.sitescout.com www.google-analytics.com i.ytimg.com i.vimeocdn.com translate.google.com translate.googleapis.com fonts.gstatic.com ad.doubleclick.net; frame-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; frame-ancestors 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; child-src 'self' insight.adsrvr.org *.doubleclick.net www.youtube.com www.youtube-nocookie.com pixel.sitescout.com player.vimeo.com www.facebook.com; font-src 'self' themes.googleusercontent.com fonts.gstatic.com; connect-src 'self' cloud.typography.com tags.srv.stackadapt.com api.omappapi.com prod.ally.ac translate.googleapis.com yoda.unifyed.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net play.google.com www.facebook.com https://px.ads.linkedin.com/wa/; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' hr2day-5629.my.salesforce-sites.com hcaptcha.com *.googleadservices.com googleads.g.doubleclick.net snap.licdn.com bat.bing.com www.redditstatic.com sc-static.net analytics.tiktok.com *.snapchat.com platform.twitter.com content.presspage.com *.unibuddy.co *.ipify.org *.hotjar.com *.windows.net *.customsearch.ai *.msecnd.net *.google.com *.googletagmanager.com *.google-analytics.com wss: *.linkedin.com *.facebook.net *.googleapis.com youtube.com *.youtube.com *.gstatic.com *.jsdelivr.net *.apple.com *.facebook.com *.mzstatic.com data:; img-src 'self' *.inholland.nl *.googletagmanager.com googleads.g.doubleclick.net *.presspage.com *.google-analytics.com *.youtube.com *.ytimg.com alb.reddit.com px.ads.linkedin.com www.google.com www.google.nl *.bing.com www.facebook.com data:; connect-src 'self' *.google-analytics.com *.hotjar.com *.visualstudio.com *.customsearch.ai *.doubleclick.net *.hotjar.io www.redditstatic.com *.snapchat.com analytics.pangle-ads.com analytics.tiktok.com px.ads.linkedin.com region1.analytics.google.com api.presspage.com bat.bing.com *.google.nl; style-src-elem 'self' 'unsafe-inline' content.presspage.com *.windows.net *.googleapis.com; font-src 'self' *.gstatic.com content.presspage.com; frame-src 'self' hr2day-5629.my.salesforce-sites.com *.youtube.com *.unibuddy.co *.google.com *.doubleclick.net *.snapchat.com platform.twitter.com www.facebook.com; frame-ancestors 'self'; report-uri https://cspreporter-inh.azurewebsites.net/api/CspReports 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bpd.com.do detectca.easysol.net *.googleapis.com www.popularenlinea.com popularenlinea.com www.bpd.com.do *.baidu.com *.gstatic.com www.slant.co *.paypal.com cdn.honey.io www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com kit.fontawesome.com connect.facebook.net cdn.polyfill.io code.jquery.com www.google-analytics.com ssl.google-analytics.com www.googleoptimize.com script.crazyegg.com cdn.syndication.twimg.com speedtest.cable.co.uk cdnjs.cloudflare.com maxcdn.bootstrapcdn.com widget.trustpilot.com s3.amazonaws.com cable.us4.list-manage.com admin.cable.co.uk services.xg4ken.com unpkg.com script.hotjar.com static.hotjar.com c5.adalyser.com plausible.io consent.cookiebot.com consentcdn.cookiebot.com localhost:3000; connect-src 'self' *.fontawesome.com api.addressy.com wss://ws.hotjar.com *.hotjar.com content.hotjar.io cable.us4.list-manage.com admin.cable.co.uk stats.g.doubleclick.net plausible.io localhost:3000; img-src 'self' data: *.cable.co.uk www.google.com www.googletagmanager.com www.google.co.uk www.google-analytics.com s1.2mdn.net ad.doubleclick.net stats.g.doubleclick.net gtrk.s3.amazonaws.com pbs.twimg.com code.jquery.com 19.xg4ken.com s3-eu-west-1.amazonaws.com pcf.tdscd.com c5.adalyser.com v2.crocdn.com 54tgglb8.tinifycdn.com imgsct.cookiebot.com; style-src 'self' 'unsafe-inline' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com admin.cable.co.uk pro.fontawesome.com localhost:3000; font-src 'self' *.fontawesome.com maxcdn.bootstrapcdn.com admin.cable.co.uk data: localhost:3000; object-src 'self' api.ookla.com fpdownload.adobe.com; frame-src 'self' widget.trustpilot.com vars.hotjar.com googleads.g.doubleclick.net consentcdn.cookiebot.com data:; child-src 'self' blob:; report-uri /csp-violation-report/ 1 object-src 'none';base-uri 'self';script-src 'nonce-rlEc6GP0nk-Fc5sZ5D50oQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wB-6J5sAdxHwhVal7TCrbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ZcJEaxX3OSgORrumMynD-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; block-all-mixed-content; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://tags.srv.stackadapt.com https://browser.sentry-cdn.com https://cdn.mxpnl.com https://cdn.segment.com https://optimizely.bluevine.com https://static.ads-twitter.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org; style-src 'report-sample' 'unsafe-inline' 'self' https://tags.srv.stackadapt.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://bluevinecorp.wpengine.com https://analytics.google.com https://bat.bing.com https://errors.client.optimizely.com https://logx.optimizely.com https://tags.srv.stackadapt.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://cdn.cookielaw.org https://www.google.com https://www.google.co.il https://adservice.google.com https://geolocation.onetrust.com https://api-js.mixpanel.com https://api.segment.io https://cdn.segment.com https://stats.g.doubleclick.net; font-src 'self' data:; frame-src 'self' https://www.youtube.com; img-src 'self' https://bluevinecorp.wpengine.com https://www.facebook.com https://bat.bing.com https://cdn.cookielaw.org https://www.google.com https://www.google.co.il data: https://d33wubrfki0l68.cloudfront.net https://www.bluevine.com https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://o208526.ingest.sentry.io/api/4506949755535360/security/?sentry_key=f3d0369c5743e55b5ed8ace14b8766da&sentry_environment=prod-corp-new&sentry_release=beta; 1 default-src 'self';connect-src 'self' https://analytics.majestic.com https://analytics.majesticseo.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.majesticseo.com https://analytics.majestic.com https://info.majestic.com https://*.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://www.google.com/recaptcha/ https://platform.twitter.com/ https://player.captivate.fm/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report 1 object-src 'none';base-uri 'self';script-src 'nonce-DheyEMlTDzb9xobhy-wX5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=9cff948f-4270-4be1-b839-3f97ccd53015-1711588329 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.raptmedia.com *.rbos.com *.rbs.co.uk *.rbs.com *.rbsdigital.com *.supportcentre-rbs.co.uk *.snapchat.com *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net search-rbs.co.uk *.qumucloud.com static.ads-twitter.com t.co www.brightedge.com;https://public.tableau.com; upgrade-insecure-requests; report-uri https://rbspersonal.report-uri.com/r/t/csp/reportOnly 1 block-all-mixed-content; report-uri https://tanp.report-uri.com/r/d/csp/reportOnly 1 block-all-mixed-content; default-src 'none'; base-uri 'self'; child-src mc.yandex.ru mc.yandex.com blob:; connect-src 'self' tomesto.ru api.tomesto.ru wss://api.tomesto.ru https://gcdn.tomesto.ru https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ru *.bugsnag.com mc.yandex.ru mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.kz suggestions.dadata.ru *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com ; font-src 'self' fonts.gstatic.com data:; form-action 'self'; img-src 'self' https: data: blob:; manifest-src 'self'; media-src 'self' tomesto.ru *.tomesto.ru; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' tomesto.ru *.tomesto.ru https://*.googletagmanager.com d2wy8f7a9ursnm.cloudfront.net mc.yandex.ru mc.yandex.com https://js-agent.newrelic.com *.nr-data.net 'nonce-86SckahRVbzQiv98dHtbyg=='; style-src 'self' 'unsafe-inline' tomesto.ru *.tomesto.ru fonts.googleapis.com; worker-src blob:; report-uri https://api.tomesto.ru/csp_report 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-c06b72feb47046659d858997ab26d056' https://www.mylvhn.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mylvhn.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.polyfill.io https://cb-tsc.linz.at https://m.youtube.com https://stats.linz.at https://unpkg.com https://www.etermin.net https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com openlayers.org unpkg.com;object-src 'none';frame-src 'self' *.youtube.com www.etermin.net www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.wien.gv.at *.ytimg.com *.youtube.com cdnjs.cloudflare.com unpkg.com;font-src 'self' cdnjs.cloudflare.com cb-tsc.linz.at unpkg.com;connect-src 'self' *.linz.at cdnjs.cloudflare.com maps.wien.gv.at noembed.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.akamaihd.net *.gstatic.com *.bluecrossmn.com bam.nr-data.net *.qualtrics.com pnapi.invoca.net api.stellahealth.net unpkg.com s.gravatar.com api.iperceptions.com js-agent.newrelic.com solutions.invocacdn.com metrics.brightcove.com universal.iperceptions.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src blob: 'self' ;script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.r42tag.com https://admin.relay42.com analytics.interpolis.nl *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com https://googleads.g.doubleclick.net opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl http://*.hotjar.com https://*.hotjar.com https://js.arcgis.com https://*.hotjar.io http://*.hotjar.io *.pingvp.com tpc.googlesyndication.com *.visualwebsiteoptimizer.com app.vwo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl *.pingvp.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;img-src data: 'self' *.pingvp.com *.google-analytics.com www.google.com https://t.co/i/adsct www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net https://script.hotjar.com https://analytics.twitter.com https://ad.doubleclick.net https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;font-src data: 'self' *.pingvp.com fonts.gstatic.com js.arcgis.com widget.greenonline.nl https://script.hotjar.com;connect-src 'self' *.pingvp.com *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl https://*.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com https://ad.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com;media-src 'self' *.pingvp.com *.interpolis.nl;object-src 'self' *.pingvp.com;child-src 'self' blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com tpc.googlesyndication.com app.vwo.com formulier.interpolis.nl;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com tpc.googlesyndication.com app.vwo.com *.visualwebsiteoptimizer.com;form-action 'self' t.svtrd.com https://transaction.acceptemail.com;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl;block-all-mixed-content;report-uri https://interpolis.ams.report-uri.com/r/t/csp/reportOnly; 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://tr.snapchat.com https://www.shoplooks.com https://www.pinterest.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://gum.criteo.com blob: https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.googleapis.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://www.shoplooks.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://www.mybag.com/e2/ds/relay https://horizon-api.www.mybag.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.mybag.com https://checkout.mybag.com https://www.mybag.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://remote.captcha.com https://seal.digicert.com https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://static.shoplooks.com https://slooks.top https://slooks.me https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://tr.snapchat.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cl.avis-verifies.com *.googleapis.com *.gstatic.com tag.aticdn.net maxcdn.bootstrapcdn.com static.addtoany.com logs1412.xiti.com cdnjs.cloudflare.com www.googletagmanager.com cdn.cookielaw.org ws.facil-iti.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.googletagmanager.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.doubleclick.net consentcdn.cookiebot.com bat.bing.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn1.stamped.io stamped.io *.google.com *.googletagmanager.com mageside.com flagpedia.net cdn.stamped.io www.ojrq.net *.clarity.ms *.bing.com *.cookiebot.com help.gardeningexpress.co.uk/ www.google.de www.google.co.uk bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com connect.facebook.net *.googletagmanager.com *.googleadservices.com maps.googleapis.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com *.newrelic.com consent.cookiebot.com ajax.googleapis.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com cdn1.stamped.io stamped.io maxcdn.bootstrapcdn.com *.addtoany.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://gardeningexpress.us12.list-manage.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com cdn1.stamped.io stamped.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net http://dpm.demdex.net www.gstatic.com maps.googleapis.com cdn.stamped.io static.addtoany.com *.cookiebot.com *.clarity.ms bam.nr-data.net cdn.jsdelivr.net *.impactcdn.com pagead2.googlesyndication.com gardeningexpress.pxf.io *.doubleclick.net *.google.com bat.bing.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.demdex.net www.google.com www.google.co.uk www.inntopia.travel api.omappapi.com www.tremblant.ca v2.mtnfeed.com cams.mtnfeed.com analytics.google.com bat.bing.com *.clarity.ms session-replay.browser-intake-us3-datadoghq.com region1.analytics.google.com *.youtube-nocookie.com api.mapbox.com c4fyt.tremblant.ca api.trustyou.com *.doubleclick.net www.google.com.mx *.gstatic.com tremblantwebcams.com aws-cdn.inntopia.com *.facebook.com coupedumonde.tremblant.ca use.typekit.net engagefront.theweathernetwork.com events.mapbox.com www.youtube.com mtnpowder.com www.google.fr vicomap-cdn.resorts-interactive.com 65b80e0ba474e800088c0c12--heuristic-pare-aa03ec.netlify.app 65f36ba4407d71000885ad04--heuristic-pare-aa03ec.netlify.app cdn.inbenta.io www.google-analytics.com *.facebook.net golf.tremblant.ca www.pages08.net 655264f0813f72000819adf1--heuristic-pare-aa03ec.netlify.app assets.adobedtm.com rum.browser-intake-us3-datadoghq.com api-gcu1.inbenta.io *.omtrdc.net www.googletagmanager.com assets.pxlecdn.com p.typekit.net assets.pixlee.com streaming.tremblant.ca images.inntopia.com img.youtube.com cookies.alterramtnco.com adservice.google.com a.opmnstr.com *.everesttech.net www.google.ca www.sc.pages08.net dashboard.engagefront.com www.datadoghq-browser-agent.com photos.pixlee.co sdk.inbenta.io a.omappapi.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googleapis.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com *.google.com https://*.google.com *.googleusercontent.com https://*.ggpht.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com http://s3.amazonaws.com https://snap.licdn.com https://connect.facebook.net www.facebook.com https://static.hotjar.com https://script.hotjar.com http://*.tiqcdn.com https://pageimprove.io https://*.linkedin.com https://partenamut.activehosted.com https://*.tealiumiq.com https://*.youtube.com https://*.decibelinsight.net https://wurfl.io https://bat.bing.com https://*.googlesyndication.com https://*.teads.tv https://www.clarity.ms/ https://dev.visualwebsiteoptimizer.com; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://fonts.googleapis.com https://optimize.google.com https://unpkg.com https://script.hotjar.com https://static.hotjar.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.google.com *.googleusercontent.com https://*.google.be https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.linkedin.com https://*.partenamut.be https://*.facebook.com https://dummyimage.com https://placehold.co https://www.googletagmanager.com http://www.w3.org/2000/svg https://*.tealiumiq.com https://s535jira.mutworld.be https://flagcdn.com https://script.hotjar.com https://static.hotjar.com https://bat.bing.com https://ad.doubleclick.net https://*.teads.tv https://dev.visualwebsiteoptimizer.com data:; frame-src 'self' *.google.com https://optimize.google.com https://vars.hotjar.com/ https://*.youtube.com https://*.partenamut.be https://cloud.cavai.com/ www.facebook.com https://idp.iamfas.belgium.be/ https://td.doubleclick.net/ https://fledge.teads.tv/; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; object-src 'self' data: 'unsafe-eval'; media-src 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; navigate-to *; connect-src 'self' https://*.cloud.es.io https://*.googleapis.com *.google.com https://*.google.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.facebook.com https://*.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com https://pageimprove.io https://*.tealiumiq.com https://*.decibelinsight.net wss://*.hotjar.com https://*.cloud.es.io https://bat.bing.com https://*.linkedin.com https://*.googlesyndication.com wss://*.decibelinsight.net https://wurfl.io https://*.g.doubleclick.net https://*.teads.tv https://*.clarity.ms/ https://dev.visualwebsiteoptimizer.com data: blob:; worker-src 'self' blob:; 1 default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com/ui/ https://*.crisp.chat/ https://src.mastercard.com/srci/integration/components/; script-src 'self' 'unsafe-eval' 'nonce-mN2/FTuVTWqfT5gGrcOH3Q==' https://js.stripe.com/ https://g.stripe.com/ https://hosted.paysafe.com/request/ https://ajax.cloudflare.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://cdn.webrtc-experiment.com/DetectRTC.min.js https://code.jquery.com/ui/ https://*.crisp.chat/ https://maps.googleapis.com/maps/api/ https://www.google.com/recaptcha/api.js https://www.datadoghq-browser-agent.com/datadog-logs-us.js https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://www.google-analytics.com http://stats.pusher.com/timeline/v2/jsonp/ https://cdn.onesignal.com/ https://onesignal.com/api/v1/sync/ https://src.mastercard.com/ https://secure.checkout.visa.com/checkout-widget/resources/js/ https://qwww.aexp-static.com/akamai/remotecommerce/scripts/ https://webapp.src.discover.com/websdk/ https://content.discovercard.com/ https://js.verygoodvault.com/vgs-collect/ https://www.datadoghq-browser-agent.com/datadog-logs-v4.js; font-src 'self' https://fonts.gstatic.com https://client.crisp.chat/; img-src 'self' data: https://img.gotab.io/ https://static.gotab.io/ https://s3.amazonaws.com/gotabpublic/ https://s3.amazonaws.com/gotabpublic/ https://*.crisp.chat/ https://maps.gstatic.com/ https://maps.googleapis.com/maps/ https://www.google-analytics.com https://i.vimeocdn.com/video/ https://src.mastercard.com/srci/integration/ https://content.discovercard.com/ https://*.untappd.com/ https://checkoutshopper-live.adyen.com/checkoutshopper/images/ https://checkoutshopper-live-us.adyen.com/ https://*.googleapis.com https://gotabpublic.s3.amazonaws.com/; media-src 'self' data: https://s3.amazonaws.com/gotabpublic/ https://gotabpublic.s3.amazonaws.com/; frame-src 'self' https://js.stripe.com/ https://metabase.gotab.io/ https://www.google.com/ https://js.verygoodvault.com/vgs-collect/ https://content.discovercard.com/ https://src.mastercard.com/ https://srcdcf.americanexpress.com/ https://secure.checkout.visa.com/checkout-widget/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-live-us.adyen.com/; connect-src 'self' https://rum.gotab.io/ https://*.crisp.chat/ wss://client.relay.crisp.chat/ https://hosted.paysafe.com/request/api/ https://api.paysafe.com/request/api/ https://api.paysafe.com/request/api/v1/ https://checkoutshopper-live.adyen.com/checkoutshopper/ https://checkoutshopper-live-us.adyen.com/ https://*.logs.datadoghq.com/ https://*.browser-intake-datadoghq.com/ *.verygoodvault.com *.verygoodproxy.com https://maps.googleapis.com/maps/api/ https://cloud.handpoint.io/ ws://ws-mt1.pusher.com/app/ https://www.google-analytics.com https://vimeo.com/api/ https://vgs-collect-keeper.apps.verygood.systems/vgs https://*.mastercard.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ https://*.visa.com/ https://*.staticv.me/ https://*.discover.com/ https://*.discovercard.com/ https://content.discovercard.com/ https://src.apis.discover.com/sdk/ https://www.google.com/maps/conversion/collect https://*.googleapis.com; worker-src 'self' blob: 1 object-src 'none';base-uri 'self';script-src 'nonce-HYWQu2DuU6LUkuNrevEgGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: cdn.elev.io *.klarnacdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com cdn.consentmanager.net *.hotjar.com www.facebook.com https://www.googletagmanager.com/ *.klarna.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.gstatic.com *.googleapis.com validate.fishpig.co.uk *.googletagmanager.com fonts.gstatic.com *.consentmanager.net t.ssl.ak.dynamic.tiles.virtualearth.net r.bing.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jsd-widget.atlassian.com *.plugins.emarsys.net *.scarabresearch.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.consentmanager.net ecn.dev.virtualearth.net dev.virtualearth.net www.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net connect.facebook.net *.hotjar.com cdn.elev.io messenger.dixa.io *.sovendus.com www.sovendus-benefits.com www.sovendus-campaign.com www.sovendus-connect.com www.sovendus-network.com www.zeitung-direkt.de http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com www.facebook.com graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googletagmanager.com *.bing.com css/light.theme.css *.klarnacdn.net maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com m2test.hagel-shop.de www.hagel-shop.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com jsd-widget.atlassian.com api-private.atlassian.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com stats.g.doubleclick.net maps.googleapis.com www.bing.com *.hotjar.com wss://wsp30.hotjar.com/ *.hotjar.io *.elev.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com test.saferpay.com www.saferpay.com saferpay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'strict-dynamic' 'unsafe-inline' https: 'nonce-3e755fdf11827afbe2d544be82094c33';object-src 'none';base-uri 'none';frame-src 'self' https://audio.patronite.pl https://paywall.imoje.pl https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://wchat.freshchat.com https://*.webpush.freshchat.com https://www.youtube.com https://youtube.com https://youtu.be https://www.youtube-nocookie.com https://youtube-nocookie.com https://www.facebook.com https://open.spotify.com/embed/ https://podcasters.spotify.com/pod/show/ https://td.doubleclick.net;report-uri https://o160244.ingest.sentry.io/api/1798165/security/?sentry_key=22e91a43970d40cdae6153ad3feb9951 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.bbb.org https://*.adsrvr.org https://*.unpkg.com https://*.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://*.bbb.org; report-uri https://reports.csrtech.support/wp-json/api/v1/reports/; report-to default 1 object-src 'none';base-uri 'self';script-src 'nonce-QE6V0SwrWJSH7UestslN9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mlyr266eLPvVg7xUNP2v9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consent-api.service.consent.usercentrics.eu app.usercentrics.eu www.sonepar.com www.google.com *.linkedin.com api.usercentrics.eu uct.service.usercentrics.eu ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://js-agent.newrelic.com cdnjs.cloudflare.com https://ws.sharethis.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' fonts.googleapis.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-_xn8DWbsg-kg57W5NtWSUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-DXvsqwyURxP5ZkVpEedryA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src 'self' ws:; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1 default-src 'unsafe-inline' 'unsafe-eval' * data: blob: 1 default-src 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; 1 base-uri 'self';connect-src https://*.go-mpulse.net https://*.akstat.io 'self' https: *.sentry.io *.amplitude.com *.care.com *.carezen.net *.signalfx.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net font.google.com analytics.google.com tagmanager.google.com www.google.com https://*.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://geolocation.onetrust.com;default-src 'self' wss://*.care.com *.care.com *.careapis.com *.carezen.net *.cdn-care.com care.com cdn-care.com www.gstatic.com www.google.com *.googlesyndication.com tags.tiqcdn.com tags-eu.tiqcdn.com tk.getwork.com tr.snapchat.com shareasale.com *.doubleclick.net apps.rokt.com bid.g.doubleclick.net tags.w55c.net *.linkedin.com www.pinterest.com carecom.sjv.io staging-pt.ispot.tv ct.pinterest.com;font-src 'self' data: https://www.care.com https://www.dev.carezen.net https://www.stg.carezen.net fonts.gstatic.com https://script.hotjar.com;frame-ancestors 'self';img-src data: blob: *;object-src 'none';script-src https://*.go-mpulse.net 'nonce-e9e2ff9a24ee287f402a70fe48949e31' 'self' *.akamaihd.net *.care.com *.careapis.com *.carezen.net *.cdn-care.com *.cloudfront.net *.googlesyndication.com *.sift.com *.monetate.net acsbapp.com analytics.tiktok.com apps.rokt.com bat.bing.com care.com cdn-care.com cdn.pdst.fm connect.facebook.net d.impactradius-event.com googleads.g.doubleclick.net maps.googleapis.com s.pinimg.com ssl.google-analytics.com tags-eu.tiqcdn.com tags.tiqcdn.com wss://*.care.com www.emjcd.com www.google-analytics.com www.google.com www.googleadservices.com *.googletagmanager.com www.gstatic.com tr.outbrain.com tags.w55c.net clarity.ms staging-pt.ispot.tv tracker.mnixdata.com *.mountain.com tagmanager.google.com s.go-mpulse.net collector-12308.tvsquared.com js.adsrvr.org https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://dev.visualwebsiteoptimizer.com 'nonce-d3fb4b2385e48e376d2c071bf85791e4' 'strict-dynamic';frame-src 'self' alchemy.veriff.com www.google.com recaptcha.google.com bid.g.doubleclick.net 12355078.fls.doubleclick.net s.go-mpulse.net carecom.sjv.io apps.rokt.com tr.snapchat.com 3239339.fls.doubleclick.net https://vars.hotjar.com insight.adsrvr.org https://www.youtube.com/ https://ots2-qa.learningcaregroup.com/ScheduleATour/ https://ots2.learningcaregroup.com/ScheduleATour/ td.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.google.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org 'nonce-d3fb4b2385e48e376d2c071bf85791e4';style-src-attr 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com bat.bing.com;upgrade-insecure-requests;report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=hp-vhp-mfe%401.253.0&sentry_environment=prod 1 object-src 'none';base-uri 'self';script-src 'nonce-qm2HqSDg_YAaz1KarLPT7w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; default-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src https: http: rtsp: rtmp: data:; report-uri /csp-report 1 font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com td.doubleclick.net app.usercentrics.eu *.outtra.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://img.youtube.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.vaude.com vaude.localhost https://vaude.localhost/ www.google.de app.usercentrics.eu uct.service.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com analytics.vaude.com js-agent.newrelic.com vaude.matomo.cloud app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net https://cdn.tailwindcss.com https://vaude.homepagerecruiter.de *.outtra.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net unsafe-inline *.googleapis.com *.gstatic.com *.outtra.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com analytics.vaude.com bam.nr-data.net pagead2.googlesyndication.com vaude.matomo.cloud app.usercentrics.eu api.usercentrics.eu graphql.usercentrics.eu privacy-proxy.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu cdn.matomo.cloud cdn.scarabresearch.com static.scarabresearch.com webchannel-content.eservice.emarsys.net *.outtra.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; default-src 'self'; connect-src 'self' https://score.juicyscore.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://stage.dev.digido.ph https://digido.ph https://static.site-chat.me wss://stage.dev.digido.ph wss://digido.ph data:; script-src 'sha256-yHhryBadFg4E9pHB0IbpY3AalkEKnUQPIhOtndp/ckE=' 'nonce-c53bCJk8TVMjjUe/n1kuHw==' 'self' 'self' https://score.juicyscore.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://static.cloudflareinsights.com https://connect.facebook.net https://www.facebook.com https://mc.yandex.ru https://yastatic.net https://cdn.jsdelivr.net https://static.site-chat.me; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://digido.ph https://stage.dev.digido.ph https://www.facebook.com https://mc.yandex.ru https://mc.webvisor.org data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.facebook.com https://mc.yandex.ru blob:; form-action 'self' https://www.facebook.com; frame-ancestors 'none'; child-src blob: https://mc.yandex.ru; object-src 'none'; report-uri /prometheus-report 1 object-src 'none';base-uri 'self';script-src 'nonce-EEYAHRawKmcUzGOLOO7Vbw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: https://www.nominette.com https://demo.nominette.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com https://www.nominette.com https://demo.nominette.nl 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.hotjar.com *.hotjar.io *.weltpixel.com https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com maps.gstatic.com maps.googleapis.com 'self' data: *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.magentocommerce.com https://www.nominette.com https://demo.nominette.nl maps.google.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com *.avada.io *.google.com www.gstatic.com *.gstatic.com *.googleapis.com *.newrelic.com *.nr-data.net *.hotjar.com *.hotjar.io *.retailrocket.net https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.retailrocket.net https://www.nominette.com https://demo.nominette.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.googleapis.com *.nr-data.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.paypal.com *.retailrocket.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval' 1 object-src 'none'; script-src 'nonce-aALwaYv_S2mNUr7CeBAGk7gB' 'strict-dynamic' http: https:; base-uri 'none'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ws.sharethis.com c.ltmsphrcl.net sync.sharethis.com *.googleapis.com *.ift.org.mx data.stbuttons.click cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com t.sharethis.com *.doubleclick.net bcp.crwdcntrl.net rum-collector-2.pingdom.net conocetuvelocidadift.dualstack.speedtestcustom.com www.google-analytics.com l.sharethis.com ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample' ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.whisbi.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com connect.facebook.net *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es tr.snapchat.com open.spotify.com *.facebook.net *.iadvize.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com tr.snapchat.com *.storyblok.com *.placeholder.com px.ads.linkedin.com *.whisbi.com t.co *.iadvize.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js-agent.newrelic.com bam.nr-data.net script.crazyegg.com snap.licdn.com static.ads-twitter.com sc-static.net track.adform.net *.whisbi.com www.google.fr sdk.privacy-center.org *.adform.net analytics.twitter.com *.iadvize.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.whisbi.com *.iadvize.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es script.crazyegg.com bam.nr-data.net tracking.crazyegg.com *.whisbi.com *.iadvize.com wss://*.iadvize.com wss://*.twilio.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-D1ZvztQsOKPPfH_EC7bM4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.clarity.ms www.google.de *.doubleclick.net *.facebook.net www.google.com *.gstatic.com static.zdassets.com www.google.com.ua region1.analytics.google.com analytics.google.com www.google.pl www.google-analytics.com www.googletagmanager.com adservice.google.com ekr.zdassets.com *.tiktok.com *.zendesk.com *.facebook.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 upgrade-insecure-requests; default-src 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.googletagmanager.com connect.facebook.net platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com s.ytimg.com; script-src-elem 'self' data: 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com translate.google.com; connect-src 'self' data: 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com; img-src 'self' data: blob: mosaico.io *.google.com *.googleapis.com *.gstatic.com www.facebook.com *.twitter.com *.twimg.com yt3.ggpht.com i.ytimg.com *.mailchimp.com *.global.ssl.fastly.net labornotes.org labornotes.org; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; frame-src 'self' data: *.google.com www.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com *.soundcloud.com *.vimeo.com; worker-src 'self' data: blob: platform.twitter.com www.facebook.com www.youtube.com cdn.gtranslate.net 1 script-src-attr 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-4k9cJfQo79FUEgQsy6SjlA=='; img-src 'self' https: data:; default-src 'self' https: wss:; font-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; frame-ancestors 'none'; report-uri https://sentry.olc.cz/api/19/security/?sentry_key=58622d10e65d4510b8947a9e685d8e4f&sentry_environment=production&sentry_release=5.3.85 1 default-src 'self' *.devfolio.co data:; script-src 'self' *.devfolio.co 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://cdnmd.global-cache.online/ https://static.cloudflareinsights.com/ https://www.youtube.com/ https://checkout.razorpay.com/ https://apis.google.com/ https://gstatic.com/ https://ssl.gstatic.com/ https://player.vimeo.com/ https://connect.facebook.net/ https://google.com/ https://accounts.google.com/gsi/client https://ssl.google-analytics.com/ https://translate.googleapis.com/ https://unpkg.com/ https://cdn.rudderlabs.com https://www.pagespeed-mod.com/ https://www.google-analytics.com/ https://www.gstatic.com/ http://www.google.com/ *.cloudfront.net/ https://polyfill.io/ https://sessions.bugsnag.com/ https://d2wy8f7a9ursnm.cloudfront.net/v7/bugsnag.min.js https://cdn.tokenproof.xyz/js/tokenproof-oa-widget-v1.0.js blob: ; connect-src 'self' *.devfolio.co https://sessions.bugsnag.com/ https://maps.googleapis.com/ https://api.segment.io/ https://cdn.segment.com/ https://autocomplete.clearbit.com/ wss://*.devfolio.co/ https://lh3.googleusercontent.com/ https://sentry.io/ https://vimeo.com/ wss://*.bridge.walletconnect.org/ https://mainnet.infura.io wss://mainnet.infura.io https://arbitrum-mainnet.infura.io wss://eth-mainnet.ws.alchemyapi.io/ https://eth-mainnet.alchemyapi.io/ https://arb-mainnet.g.alchemy.com/ wss://arb-mainnet.g.alchemy.com/ wss://www.walletlink.org/ https://api.wallet.coinbase.com https://dns.google.com/ https://api.giphy.com/ https://registry.walletconnect.org/ https://api.segment.io/ *.dataplane.rudderstack.com/ https://api.rudderlabs.com/ https://www.google-analytics.com/ https://api.trongrid.io/ https://sun.tronex.io/ https://devfolio-prod.s3.ap-south-1.amazonaws.com/ https://explorer-api.walletconnect.com/ wss://relay.walletconnect.com/ https://sockjs-us2.pusher.com/ https://api.rudderstack.com/ https://cloudflare-eth.com/ data:; style-src 'self' https://fonts.googleapis.com/ https://translate.googleapis.com/ 'unsafe-inline' data:; img-src 'self' * *.devfolio.co/ data: blob:; frame-src https://www.loom.com/ https://www.youtube.com/ https://m.youtube.com/ https://www.dailymotion.com/ https://vimeo.com/ https://api.razorpay.com/ https://accounts.google.com/ https://www.google.com/ https://player.vimeo.com/ https://loom.com/ https://razorpay.com/ *.razorpay.com/ https://mozbar.moz.com/; font-src 'self' https://fonts.gstatic.com/ https://devfolio-prod.s3.ap-south-1.amazonaws.com/ https://o91302.ingest.sentry.io/ https://mozbar.moz.com https://cdn.tokenproof.xyz/fonts/ data:; frame-ancestors 'self'; media-src 'self' *.devfolio.co/ *.githubusercontent.com/ https://www.youtube.com/ https://m.youtube.com/ https://youtu.be/ https://youtube.com/ https://cloudflare-ipfs.com/ data: blob:; report-uri https://o91302.ingest.sentry.io/api/1193563/security/?sentry_key=66b59c332abd4ee9902ba11631dc07c6 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://code.jquery.com https://dxp-au-search.funnelback.squiz.cloud https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://js-cdn.dynatrace.com https://cdn.curator.io https://www.google-analytics.com https://maps.googleapis.com https://zn07vrijtrevpzde2-endeavourenergy.siteintercept.qualtrics.com https://maps.gstatic.com https://siteintercept.qualtrics.com https://www.google.com https://eenop-cas-dt2.pegacloud.net; font-src 'self' https://cdn.curator.io https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://eenop-cas-dt2.peagecloud.net https://eenop-cas-dt2.pegacloud.net; connect-src 'self' https://translate.googleapis.com https://www.google-analytics.com https://api.curator.io https://stats.g.doubleclick.net https://bf91264wjv.bf.dynatrace.com https://api.openweathermap.org https://maps.googleapis.com https://siteintercept.qualtrics.com; img-src 'self' https://translate.googleapis.com https://www.google-analytics.com www.google-analytics.com https://curator-assets.b-cdn.net https://maps.gstatic.com https://maps.googleapis.com https://siteintercept.qualtrics.com https://au1.qualtrics.com https://developers.google.com https://media.licdn.com data:; style-src 'self' 'unsafe-inline' https://unpkg.com/ https://cdnjs.cloudflare.com/ https://cdn.curator.io https://dxp-au-search.funnelback.squiz.cloud https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; media-src 'self' https://curator-assets.b-cdn.net ; object-src 'none'; frame-ancestors 'self'; 1 default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://dap.digitalgov.gov https://*.doubleclick.net https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://cdn.app.cfigroup.com https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://www.youtube.com; img-src 'self' data: https://cdnmon.cfigroup.com https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://search.usa.gov https://*.twitter.com https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net/npm/jvectormap/ https://*.cfigroup.com https://dap.digitalgov.gov https://*.google-analytics.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://*.addthis.com https://www.googletagmanager.com https://www.youtube.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.addthis.com https://ajax.googleapis.com https://cdn.knightlab.com https://cdn.jsdelivr.net https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; report-uri https://www.nal.usda.gov/csp-collector/index.php; 1 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://*.dpdconnect.nl cdn.dnky.co www.youtube.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.freshchat.com *.instagram.com *.doubleclick.net s7.addthis.com s3.amazonaws.com pay.google.com *.publitas.com ct.pinterest.com *.weltpixel.com *.nosto.com *.nos.to *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.google.com *.google.com.ua *.google.nl *.google.be connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com connect.facebook.net *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.e5mode.be *.nosto.com p.typekit.net cx.atdmt.com curator-assets.b-cdn.net *.doubleclick.net www.zenaps.com www.awin1.com *.googleadservices.com *.getsitecontrol.com cdn.e5mode.be e5-assets.s3.amazonaws.com cdn.e5.be bat.bing.com ct.pinterest.com *.nos.to *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://*.dpdconnect.nl google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com connect.nosto.com *.typekit.net *.getsitecontrol.com *.freshchat.com *.timify.com *.instagram.com *.curator.io www.dwin1.com *.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com *.publitas.com s.pinimg.com bat.bing.com connect.getflowbox.com s7.addthis.com *.nosto.com *.nos.to *.avada.io *.multisafepay.com https://pay.google.com https://www.postcode-checkout.nl/api/international/v1/autocomplete/* https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net wchat.freshchat.com *.curator.io *.publitas.com *.nosto.com *.nos.to *.multisafepay.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com curator-assets.b-cdn.net e5-assets.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com *.curator.io www.google.com *.doubleclick.net connect.nosto.com maps.googleapis.com ct.pinterest.com e.clarity.ms connect.getflowbox.com 9mn3sm7015.execute-api.eu-west-1.amazonaws.com ekr.zdassets.com/ *.nosto.com *.nos.to https://get.geojs.io *.avada.io *.multisafepay.com https://www.postcode-checkout.nl/api/international/v1/autocomplete/* https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com 'self' *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.google.com/ js.mollie.com https://www.googletagmanager.com/ https://www.facebook.com https://www.e-shop-direct.com https://handel.ortlieb.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com https://www.magezon.com https://www.mollie.com https://med-euw3c.squarelovin.com/ https://www.facebook.com https://cdn.ywxi.net https://maps.googleapis.com https://maps.gstatic.com https://www.e-shop-direct.com https://www.google-analytics.com https://www.google.com https://www.google.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.google.com js.mollie.com 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://*.cookiefirst.com/ https://chimpstatic.com/ https://squarelovin.com/squarelovin.js https://squarelovin.com/api/index/get-stream-media/ https://connect.facebook.net/signals/config/995641483818596 https://consent.cookiefirst.com/banner.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ecommerce.js https://cdn.klarna.com/1.0/code/client/all.js https://maps.googleapis.com/maps/api/js https://www.e-shop-direct.com/libs/js/jquery-3.1.1.min.js https://unpkg.com/web-vitals@0.2.2/dist/web-vitals.es5.umd.min.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com cc-cdn.com *.fontawesome.com 'report-sample' https://*.cookiefirst.com/ https://*.squarelovin.com/squarelovin.css https://med-cf-1.squarelovin.com https://www.e-shop-direct.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.google-analytics.com https://static.cookiefirst.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.amazon-adsystem.com *.appdemostore.com *.atdmt.com *.avocet.io *.blubrry.com *.clicktale.net *.craftyclicks.co.uk *.chatcora.natwest.com *.doubleclick.net *.everesttech.net *.facebook.com *.facebook.net *.fca.org.uk *.google.co.uk *.google.com *.google.ie *.googleadservices.com *.jwpcdn.com *.liveperson.net *.linkedin.com *.lpsnmedia.net *.neolane.net *.omguk.com *.omtrdc.net *.pinimg.com *.pinterest.com *.snapchat.com *.ulsterbank.co.uk *.ulsterbank.com *.ulsterbankanytimebanking.co.uk *.userzoom.com *.youtube.com *.ytimg.com analytics.twitter.com api.swiftype.com dcs.demdex.net dpm.demdex.net fast.demdex.net fast.rbs.demdex.net jwpltx.com rbs.demdex.net sc-static.net static.ads-twitter.com t.co www.brightedge.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ulsterbankni.report-uri.com/r/t/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-FelQYNNN12Jbon2okOs7kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.ender-informatics.ch; img-src 'self' data: data: secure.gravatar.com www.gravatar.com; worker-src 'self' ; frame-ancestors 'none' ; report-uri https://www.ender-informatics.ch?gdsih-csp-report; 1 object-src 'none';base-uri 'self';script-src 'nonce-yz5UtMbdEXVmu_E4PvZbkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acuityplatform.com challenges.cloudflare.com *.cloudfunctions.net *.configcat.com storage.googleapis.com cloudflare.hcaptcha.com cf-assets.hcaptcha.com *.kooth.com global.localizecdn.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com; script-src-elem 'self' 'unsafe-inline' data: *.acuityplatform.com challenges.cloudflare.com storage.googleapis.com *.kooth.com global.localizecdn.com *.segment.com *.usefathom.com *.xenzonegroup.com www.googletagmanager.com; connect-src 'self' *.cloudfunctions.net *.configcat.com *.kooth.com global.localizecdn.com *.localizejs.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com *.analytics.google.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src * data: chrome-extension: moz-extension: safari-web-extension:; frame-src 'self' vimeo.com *.vimeo.com challenges.cloudflare.com www.googletagmanager.com; object-src 'none'; report-uri https://o367623.ingest.sentry.io/api/5691169/security/?sentry_key=d228aa23f64c4234b0ed98ff46a429d3?sentry_environment=csp_header_in_test_environments_or_csp-report-only_header_in_live 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://www0mansion0review0jp.report-uri.com/r/d/csp/reportOnly; 1 object-src 'none';base-uri 'self';script-src 'nonce-scLOVQZ9XmZveZg6MUMF' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1 report-uri https://logs-01.loggly.com/inputs/4e92d8a9-baa6-4559-82e2-05428d10fa7b/tag/csp; report-to default 1 default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: localmonero.co *.gstatic.com a.localmonero.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.lytics.io *.customer.io www.googletagmanager.com www.googleoptimize.com maps.googleapis.com www.gstatic.com *.hotjar.com *.privacymanager.io *.onetrust.com polyfill.io *.bytedapm.com *.ttwstatic.com www.tiktok.com *.tiktokcdn-us.com *.pricespider.com *.swaven.com *.static-swaven.com edge.marker.io login.dotomi.com sc-static.net; report-uri https://o4504005838045184.ingest.sentry.io/api/4505410929033216/security/?sentry_key=14a5b105c2c7443983e52fe24209ded4 1 object-src 'none'; script-src 'self' cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com platform.twitter.com; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.br www.googletagmanager.com *.licdn.com *.azulseguros.com.br *.onetrust.com www.google-analytics.com adservice.google.com *.addthis.com sdk.inbenta.io www.google.com vc.hotjar.io *.hotjar.com *.salesforceliveagent.com metrics.hotjar.io *.linkedin.com plugin.handtalk.me *.doubleclick.net region1.analytics.google.com s3-sa-east-1.amazonaws.com analytics.google.com *.gstatic.com *.googleapis.com *.facebook.net *.serving-sys.com cdn.inbenta.io *.facebook.com checkip.amazonaws.com use.typekit.net *.portoseguro.com.br unpkg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' https://*.lisboa.pt https://*.cm-lisboa.pt; img-src https: blob: data:; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://*.readspeaker.com https://chatwidget.dashboard-visor.com https://cdnjs.cloudflare.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com/ https://*.googleapis.com https://*.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.kaspersky-labs.com https://*.readspeaker.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.googleapis.com https://*.jsdelivr.net https://*.mapbox.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.fontawesome.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.readspeaker.com https://*.googleapis.com https://code.jquery.com https://chatwidget.dashboard-visor.com https://*.readspeaker.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.com https://cdnjs.cloudflare.com https://api.mapbox.com https://npmcdn.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://www.youtube.com/ https://*.bol.pt https://*.google-analytics.com; script-src-elem 'self' 'unsafe-inline' https://*.bol.pt https://*.cdnjs.com https://*.dashboard-visor.com https://*.google-analytics.com https://*.googletagmanager.com https://*.jquery.com https://*.jscontent.net https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com https://*.bol.pt https://*.dashboard-visor.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.jquery.com https://*.pagespeed-mod.com https://*.readspeaker.com https://*.bootstrapcdn.com https://*.cdnjs.com https://*.cloudflare.com https://*.dashboard-visor.com https://*.fontawesome.com https://*.googleapis.com https://*.jsdelivr.net https://*.kaspersky-labs.com https://*.mapbox.com https://*.npmcdn.com https://*.readspeaker.com https://*.youtube.com; connect-src 'self' data: https://*.doubleclick.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatwidget.dashboard-visor.com wss://chatwidget.dashboard-visor.com https://services.arcgis.com https://*.mapbox.com https://*.googleapis.com/ https://*.readspeaker.com; frame-src 'self' https://*vimeo.com https://*.bol.pt https://*.city-platform.com https://*.cm-lisboa.pt https://*.googletagmanager.com https://*.knightlab.com https://*.lisboa.pt https://*.moz.com https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com; font-src 'self' https://*.cloudflare.com https://*.ss-cdn.com https://fonts.gstatic.com https://chatwidget.dashboard-visor.com https://*.fontawesome.com https://*.github.com https://*.typekit.net data:; media-src 'self' https://*.dashboard-visor.com data:; worker-src 'self' blob:; report-uri /fma/csp.php 1 default-src 'none';base-uri 'self';connect-src 'self' wss: *.hotjar.io *.hotjar.com www.google-analytics.com *.mapquestapi.com *.360-value.com *.mapquest.com *.mqcdn.com maps.googleapis.com *.donegalgroup.com *.hotjar.com *.google.com nautilustest.donegalgroup.com region1.google-analytics.com www.googletagmanager.com nautilusqa.donegalgroup.com *.google-analytics.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com *.360-value.com;frame-ancestors 'self' *.donegalgroup.com test-writepro.donegalgroup.com test-www.donegalgroup.com qa-www.donegalgroup.com donegalgroup.com;frame-src 'self' www.googletagmanager.com www.recaptcha.net www.google.com *.donegalgroup.com donegalinsurancegroup.applytojob.com gateway.zscalerthree.net;img-src 'self' data: www.google-analytics.com www.googletagmanager.com *.doubleclick.net *.donegalgroup.com *.mapquestapi.com http://*.mapquestapi.com a.tiles.mapquest.com *.360-value.com *.googleapis.com maps.gstatic.com play.google.com tools.applemediaservices.com *.honey.io cdn.honey.io;media-src 'self' signlearner.com ssl.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google.com www.google-analytics.com *.hotjar.com www.googleadservices.com www.gstatic.com www.recaptcha.net *.360-value.com *.mapquestapi.com maps.googleapis.com tools.applemediaservices.com *.googletagmanager.com *.google-analytics.com *.recaptcha.net static.hotjar.com;style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.googleapis.com *.honey.io cdn.honey.io;webrtc 'block';report-uri https://www.donegalgroup.com/csp-reporting.aspx 1 object-src 'none';base-uri 'self';script-src 'nonce-GEkXfmA4heBnwVkVgVwn8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-878NyZnICZWnituaX58gGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-GsOATd-tZaMGR3QRhz5BOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self'; report-uri https://www.cairnspost.com.au/csp-reports 1 default-src 'self' *.ponycanyon.co.jp; font-src 'self' *.ponycanyon.co.jp fonts.gstatic.com data:; form-action 'self' *.ponycanyon.co.jp; worker-src 'self' blob: *.ponycanyon.co.jp cdnjs.cloudflare.com; connect-src 'self' *.ponycanyon.co.jp *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com www.google.co.jp; frame-src 'self' *.ponycanyon.co.jp www.youtube.com td.doubleclick.net www.googletagmanager.com open.spotify.com; img-src *; media-src 'self' blob: *.ponycanyon.co.jp; script-src 'self' 'unsafe-inline' *.ponycanyon.co.jp ajax.aspnetcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googletagmanager.com *.google.com www.google-analytics.com ad.jp.ap.valuecommerce.com; style-src 'self' 'unsafe-inline' *.ponycanyon.co.jp cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com; report-uri https://csp-log.ponycanyon.co.jp/; 1 default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data: https://mm.dimu.org/image/; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://openseadragon.github.io https://cdn.polyfill.io http://ajax.googleapis.com/ajax/libs/jquery/; script-src-attr 'self' 'unsafe-inline'; connect-src 'self' https://api.dimu.org https://nkl.snl.no/api/; report-to main-endpoint; report-uri /api/CspReports/ReportAsync; 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-564b984a23ee4cc4a9df59ad1c4cc508' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-564b984a23ee4cc4a9df59ad1c4cc508' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=131-7934636-9218939:rid=29180DF0BC624693B21A:sn=www.amazongames.com 1 object-src 'none';base-uri 'self';script-src 'nonce-ZlkGla_rxeuPLoPqvrgOng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FX5z316RFEmoUkxe14ubqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MMbCuJYr1Ub3aVreesDr5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-42PUKJZEZy-AyHeiZnQKog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lkSUjzF02d3dvo3Ue5pjpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-7uCH0idIQzzpss-QGQ4LLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IGio4Djinqdlu209jnz04g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2ZW8-o1IAC5Yc0flneA7Gg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8UITMz6BWdH0hM14IDuCsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ImlpqOjJM51hEc053tRbLA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-srjEZMWzEjG3Ao_OE6Fnnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lNKTPNknKEhhrQrp4X0J_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ODMi6RLsEOIwlQHHwlDwCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-twLcBH9GrgcBFdDok_pTEQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-A9B6uEXfwcDCmn4dg-csyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Xnny7oj9Jo-PrJmGh9nMWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gY-RxWmdueO93Mp1QSIrbA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-odf2upqtYYmzDtExOr88Tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-3_evQKDP9JVqYFKbJZkyqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TSk4Kkqu8W9T7ZwQDmM3Eg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gUo4dasK2gTwwPVpRcLLlw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MTaObCrLsA0lcyjMNY9GcA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Gco89G1TH2VGEdu0LxvDzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com www.redwolfairsoft.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com www.redwolfairsoft.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com www.redwolfairsoft.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://www.google.com www.redwolfairsoft.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com validate.fishpig.co.uk www.redwolfairsoft.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.avada.io https://www.google.com https://www.gstatic.com www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com www.redwolfairsoft.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.redwolfairsoft.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com thm.visa.com https://get.geojs.io *.avada.io www.redwolfairsoft.com 'self' 'unsafe-inline'; child-src www.redwolfairsoft.com http: https: blob: 'self' 'unsafe-inline'; default-src www.redwolfairsoft.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-04kVjejXPt1G9FcvIUn5mA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' data: https: 'unsafe-inline' http://*.omniupdate.com *.twimg.com http://img.youtube.com d.adroll.mgr.consensu.org s.dca0.com; script-src 'self' 'unsafe-inline' *.emu.edu *.adroll.com script.crazyegg.com www.googletagmanager.com www.youvisit.com *.google-analytics.com pi.pardot.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net api.meritpages.com *.google.com *.googleapis.com *.addthis.com graph.facebook.com *.purechat.com *.purechatcdn.com *.ebscohost.com code.jquery.com 25livepub.collegenet.com widgets.pinterest.com platform.twitter.com instawidget.net *.twimg.com api.darksky.net assets.adobedtm.com embedr.flickr.com widgets.flickr.com s3.amazonaws.com d.adroll.mgr.consensu.org s.dca0.com; report-uri /is/csp/report/ 1 default-src 'self' https://cdn.monetnik.ru; style-src 'self' https://cdn.monetnik.ru 'unsafe-inline' https://yastatic.net https://fonts.googleapis.com https://*.mindbox.ru; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://cdn.monetnik.ru https://googleads.g.doubleclick.net https://www.google-analytics.com https://apis.google.com https://adspire.io/ https://track.adspire.io https://top-fwz1.mail.ru https://vk.com https://*.mindbox.ru https://yastatic.net https://www.googletagmanager.com https://mc.yandex.ru https://cdn.scarabresearch.com; connect-src 'self' https://cdn.monetnik.ru https://mc.yandex.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://top-fwz1.mail.ru/ https://*.mindbox.ru https://vk.com https://mc.yandex.ru https://o446164.ingest.sentry.io https://recommender.scarabresearch.com; img-src https: data:; frame-src https://mc.yandex.com https://mc.yandex.ru https://blackfire.io https://content.adriver.ru https://www.youtube.com https://www.googletagmanager.com https://yandex.ru; worker-src blob:; font-src 'self' https://cdn.monetnik.ru fonts.gstatic.com; report-uri /external-event/log/csp/ 1 object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com mdbootstrap.com; script-src-attr 'self'; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.ca www.storygize.net js-agent.newrelic.com cms.analytics.yahoo.com translate.google.com exchange-match.mediaplex.com *.taboola.com *.outbrain.com *.casalemedia.com *.googleapis.com match.sharethrough.com pass.visitnj.org www.google.com simage2.pubmatic.com visitnj.org bam.nr-data.net idsync.live.streamtheworld.com raw.githack.com secure.quantserve.com *.rubiconproject.com *.lijit.com www.google-analytics.com in.getclicky.com starling.crowdriff.com secure.adnxs.com visitnj.matomo.cloud i.liadm.com t.sharethis.com *.gstatic.com *.cloudfront.net static.getclicky.com api.intentiq.com ups.analytics.yahoo.com serve.uberads.com crb.kargo.com analytics.google.com ib.adnxs.com bcp.crwdcntrl.net data.stbuttons.click *.doubleclick.net pixel-geo.prfct.co *.facebook.com l.sharethis.com tag.perfectaudience.com *.bluekai.com jelly.mdhv.io c.ltmsphrcl.net pixel.quantserve.com *.adsrvr.org ws.sharethis.com sync.intentiq.com acdn.adnxs.com arttrk.com sync.sharethis.com ps.eyeota.net sync.1rx.io prreqcroab.icu cas.cluep.com idsync.rlcdn.com cdn.matomo.cloud www.youtube.com px.adentifi.com ads.stickyadstv.com *.facebook.net *.openx.net *.dotomi.com eb2.3lift.com sync.bfmio.com region1.analytics.google.com tsdtocl.com partners.tremorhub.com koi-3qnmjgpx0o.marketingautomation.services platform-api.sharethis.com www.googletagmanager.com adservice.google.com rules.quantcount.com us.ck-ie.com maxcdn.bootstrapcdn.com bh.contextweb.com us-east.ads.audio.thisisdax.com *.tvsquared.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.hbl.com www.google.fr www.google.co.za www.google.co.uk adservice.google.com www.google.com *.gstatic.com region1.analytics.google.com cdnjs.cloudflare.com *.googleapis.com *.doubleclick.net *.facebook.net analytics.pangle-ads.com www.youtube.com *.tiktok.com www.google.com.qa www.visa.com *.facebook.com www.google.de www.google.com.pk *.linkedin.com www.google.ca clientcdn.pushengage.com www.google-analytics.com hbl.pushengage.com www.googletagmanager.com www.google.com.sa *.licdn.com www.google.com.bh *.googleadservices.com www.google.com.au www.google.com.bd www.google.com.om www.google.nl analytics.google.com hbl-rewards.peekaboo.guru www.google.ae hbl-web.peekaboo.guru ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com *.googleapis.com https://maxcdn.bootstrapcdn.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com https://www.facebook.com/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.google.com *.doubleclick.net https://www.facebook.com/ account.fetchify.com *.yotpo.com https://youtu.be https://vars.hotjar.com/ https://c.paypal.com https://surveymonkey.com/ https://bam-cell.nr-data.net https://widget.trustpilot.com https://tst.kaptcha.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.yotpo.com *.gstatic.com *.google.co.uk https://www.googletagmanager.com https://www.tag4arm.com https://bat.bing.com https://services.postcodeanywhere.co.uk https://ct.pinterest.com https://b.stats.paypal.com https://dub.stats.paypal.com https://c.paypal.com https://secure.surveymonkey.com/ https://www.foliosociety.com https://staging.foliosociety.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.yotpo.com https://thefo11129.pcapredict.com https://polyfill.io https://api.usersnap.com https://js-agent.newrelic.com https://bam.nr-data.net https://bat.bing.com https://www.tag4arm.com https://*.gstatic.com https://services.postcodeanywhere.co.uk https://r1-1.trackedweb.net https://r1-t.trackedlink.net https://static.trackedweb.net https://s.pinimg.com https://static.hotjar.com https://js.braintreegateway.com https://c.paypal.com https://widget.surveymonkey.com/ https://bam-cell.nr-data.net https://static.cloudflareinsights.com https://www.gstatic.com https://widget.trustpilot.com https://paperplaneslive.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.ksearchnet.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com cc-cdn.com *.yotpo.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.yotpo.com *.doubleclick.net https://services.postcodeanywhere.co.uk https://bam.nr-data.net https://r1.trackedweb.net https://ct.pinterest.com https://origin-analytics-sand.sandbox.braintree-api.com https://payments.sandbox.braintree-api.com https://bat.bing.com https://in.hotjar.com https://www.paypal.com https://www.tag4arm.com https://bam-cell.nr-data.net https://widget.trustpilot.com https://paperplaneslive.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.braintreegateway.com *.paypal.com https://surveymonkey.com/ https://secure.surveymonkey.com/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.mogucdn.com https://*.mogucdn.com http://*.juangua.com https://*.juangua.com http://*.meilishuo.com https://*.meilishuo.com http://*.meilishuo.net https://*.meilishuo.net http://*.mogujie.com https://*.mogujie.com http://*.qq.com https://*.qq.com http://*.mogujie.org https://*.mogujie.org http://*.meili-inc.com https://*.meili-inc.com http://*.mogu.com https://*.mogu.com http://*.mogu-inc.com https://*.mogu-inc.com; report-uri http://sd.mogujie.com/index.php 1 child-src js.stripe.com *.rfihub.com www.facebook.com; connect-src 'self' https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://*.launchdarkly.com https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com api.askfavor.com; frame-src *.rfihub.com js.stripe.com bid.g.doubleclick.net www.facebook.com *.criteo.com *.criteo.net; img-src 'self' amplifypixel.outbrain.com *.favorengineering.com *.pci-np.favor.dev *.favordelivery.com cdn.askfavor.com ct.pinterest.com hexagon-analytics.com pinterest.adsymptotic.com stats.g.doubleclick.net tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com googleads.g.doubleclick.net maps.googleapis.com maps.gstatic.com www.googletagmanager.com api.askfavor.com platform-lookaside.fbsbx.com *.criteo.net pingclock.net graph.facebook.com data:; script-src-elem 'self' 'unsafe-inline' https://client.rum.us-east-1.amazonaws.com *.pci.favor.dev *.favorengineering.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net ont.net wss://cdn0.forter.com *.pci-np.favor.dev *.rfihub.com *.rfihub.net amplify.outbrain.com cdn.siftscience.com www.google.com web.btncdn.com connect.facebook.net googleads.g.doubleclick.net js.stripe.com maps.googleapis.com s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net app.link cdn.branch.io; script-src 'self' 'unsafe-eval' https://client.rum.us-east-1.amazonaws.com https://*.forter.com https://dkupaw9ae63a8.cloudfront.net *.favorengineering.com *.pci.favor.dev *.pci-np.favor.dev cdn.siftscience.com js.stripe.com maps.googleapis.com www.google.com web.btncdn.com 'unsafe-inline' *.rfihub.com amplify.outbrain.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com *.criteo.com *.criteo.net *.rfihub.net app.link; style-src-attr 'unsafe-inline' fonts.googleapis.com; style-src-elem 'unsafe-inline' cloud.typography.com web-assets.favordelivery.com 'self' fonts.googleapis.com; style-src 'unsafe-eval' 'unsafe-inline' cloud.typography.com 'self' web-assets.favordelivery.com fonts.googleapis.com; form-action www.facebook.com favordelivery.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.rfihub.com amplify.outbrain.com amplifypixel.outbrain.com *.favordelivery.com *.favorengineering.com *.pci-np.favor.dev bid.g.doubleclick.net cdn.askfavor.com cdn.siftscience.com cloud.typography.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net hexagon-analytics.com js.stripe.com maps.googleapis.com s.pinimg.com tr.outbrain.com www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com fonts.gstatic.com; font-src 'self' data: fonts.gstatic.com; manifest-src 'self'; script-src-attr 'unsafe-inline'; report-uri https://favor.report-uri.com/r/t/csp/wizard; worker-src blob: 1 default-src 'self' *.fls.doubleclick.net *.google-analytics.com *.overdrive.com bam.nr-data.net connect.facebook.net hello.myfonts.net stats.g.doubleclick.net tracking.crazyegg.com/clock; connect-src 'self' *.google-analytics.com analytics.google.com bam.nr-data.net hello.myfonts.net manager.us.smartlook.cloud script.crazyegg.com/pages/data-scripts/0023/8294.json stats.g.doubleclick.net tracking.crazyegg.com/clock www.facebook.com/tr/; script-src 'self' analytics.twitter.com apis.google.com/js/platform.js bam.nr-data.net connect.facebook.com connect.facebook.net js-agent.newrelic.com platform.twitter.com/js/ platform.twitter.com/widgets.js script.crazyegg.com servedbyadbutler.com/adserve/ servedbyadbutler.com/app.js static.ads-twitter.com web-sdk.smartlook.com www.google-analytics.com/analytics.js www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' analytics.twitter.com/i/adsct apis.google.com/ apis.google.com/_/scs/apps-static/_/js/ apis.google.com/js/platform.js bam.nr-data.net cdn.syndication.twimg.com/timeline/profile connect.facebook.net js-agent.newrelic.com/ platform.twitter.com/js/ platform.twitter.com/widgets.js script.crazyegg.com/pages/scripts/0023/8294.js script.crazyegg.com/pages/versioned/common-scripts/ servedbyadbutler.com/adserve/ servedbyadbutler.com/app.js static.ads-twitter.com/uwt.js web-sdk.smartlook.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.google.com/recaptcha www.googletagmanager.com 'unsafe-inline'; style-src 'self' platform.twitter.com/css/ ton.twimg.com/tfw/css/ 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'nonce-LVSZ9rAOW28o8PeRUQ8GKuTMdW8=' platform.twitter.com/css/ ton.twimg.com/tfw/css/; img-src 'self' analytics.twitter.com/i/adsct data: images.contentreserve.com/ img1.od-cdn.com servedbyadbutler.com/getad.img/ syndication.twitter.com/ t.co/i/ www.facebook.com/tr/ www.google-analytics.com/collect www.google.com/ads/ www.googletagmanager.com/a www.googletagmanager.com/td; frame-src 'self' 9250847.fls.doubleclick.net accounts.google.com/ classroom.google.com platform.twitter.com/ syndication.twitter.com/ www.facebook.com/ www.gstatic.com/; worker-src blob:; object-src 'none'; report-uri https://odsecurity.report-uri.com/r/t/csp/reportOnly 1 frame-ancestors 'self'; report-uri https://www.geelongadvertiser.com.au/csp-reports 1 default-src 'none'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' bam.nr-data.net links.services.disqus.com cdn.cookielaw.org api.segment.io *.mapbox.com *.mux.com analytics.google.com www.google-analytics.com geolocation.onetrust.com wss: *.wahooligan.com; font-src 'self' cdn.wahooligan.com fonts.gstatic.com moz-extension data:; form-action 'self' www.wahooligan.com *.wahoofitness.com wahoofitness.zendesk.com api.wahooligan.com *.wahooligan.com; frame-src 'self' disqus.com metabase.wahooligan.com www.youtube-nocookie.com js.stripe.com; img-src 'self' cdn.wahooligan.com www.wahoofitness.com links.services.disqus.com www.gstatic.com www.google-analytics.com data: blob:; media-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.wahooligan.com www.google-analytics.com api.tiles.mapbox.com code.jquery.com cdn.segment.com cdnjs.cloudflare.com js.stripe.com js-agent.newrelic.com bam.nr-data.net bam.nr-data.com assets.zendesk.com static.zdassets.com cdn.cookielaw.org c.disquscdn.com optanon.blob.core.windows.net www.gstatic.com data: *.wahooligan.com; script-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com code.jquery.online code.jquery.com cdn.cookielaw.org cdn.segment.com bam.nr-data.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com optanon.blob.core.windows.net assets.zendesk.com www.google-analytics.com api.tiles.mapbox.com cdnjs.cloudflare.com geolocation.onetrust.com www.gstatic.com js.stripe.com *.wahooligan.com; style-src 'self' 'unsafe-inline' fonts.gstatic.com cdn.cookielaw.org fonts.googleapis.com api.tiles.mapbox.com cdn.wahooligan.com c.disquscdn.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' cdn.wahooligan.com cdn.cookielaw.org assets.zendesk.com api.tiles.mapbox.com fonts.googleapis.com www.gstatic.com; report-uri https://www.wahooligan.com/csp_reports 1 font-src *.klevu.com *.ksearchnet.com https://fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.klaviyo.com *.hotjar.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cybersource.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com http://maps.google.com *.online-metrix.net *.jotfor.ms *.jotform.com *.c3vault1.com *.storepoint.co https://res.cloudinary.com https://icons.storepoint-icons.com *.elfsight.com *.elfsightcdn.com *.commoninja.com *.cloudfront.net *.hotjar.com *.googleapis.com *.gstatic.com maps.gstatic.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.cloudflareinsights.com *.cloudflare.com *.lr-ingest.com *.ingest-lr.com *.jotform.com *.jotfor.ms *.storepoint.co *.elfsight.com *.commoninja.com *.cloudfront.net *.hotjar.com *.googleapis.com maps.googleapis.com cdn.ampproject.org www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.jotfor.ms *.storepoint.co *.fontawesome.com *.cloudflare.com *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://maps.googleapis.com *.doubleclick.net https://bcp.crwdcntrl.net *.lr-ingest.com *.ingest-lr.com *.jotform.com https://api.jotform.com *.storepoint.co *.elfsight.com *.commoninja.com *.klaviyo.com *.hotjar.com *.automaticffl.com *.googleapis.com cdn.ampproject.org www.googleapis.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-qaN0K0x1pKdWsbEplFjzRA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' ; base-uri 'self' ; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.plyr.io https://fonts.googleapis.com https://devcomapbotpilot-test.azurewebsites.net/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; script-src 'strict-dynamic' 'nonce-RLppMHTN1KljKrLD1hBGeCobsotbYGJm' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://admin.dev.comap-control.bluehosting.cz https://chatbotapp-stage.azurewebsites.net/ https://devcomapbotpilot-test.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; font-src 'self' https://fonts.gstatic.com/ ; connect-src 'self' https://*.logic.azure.com/ https://devcomapbotpilot-test.azurewebsites.net https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ https://devcomapcognitiveservices-test.azurewebsites.net https://intelisearch-stage.azurewebsites.net https://intelisearch.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.in.applicationinsights.azure.com/ wss://localhost:44377 ws://localhost:50602 noembed.com cdn.plyr.io ; img-src * 'self' data: ; media-src 'self' *.comap-control.com/ https://comapkenticouat6527.blob.core.windows.net ; frame-src https://www.thinglink.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com vimeo.com www.vimeo.com https://www.google.com/ ; frame-ancestors https://admin.dev.comap-control.bluehosting.cz/ 1 object-src 'none';base-uri 'self';script-src 'nonce-vN8dZ_xzM9_ZoKe5Twvtrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.useinsider.com *.gstatic.com https://d22j4fzzszoii2.cloudfront.net https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.useinsider.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.useinsider.com *.avis-verifies.com *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.servedby.flashtalking.com http://servedby.flashtalking.com https://servedby.flashtalking.com *.salecycle.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.360yield.com *.3lift.com *.abtasty.com *.adform.net *.adnxs.com *.useinsider.com *.avis-verifies.com *.bidswitch.net *.bing.com *.casalemedia.com *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.emxdgt.com *.exelator.com *.facebook.com *.google.fr *.googleapis.com *.gstatic.com *.rlcdn.com *.ivitrack.com *.klarna.com *.media.net *.mediavine.com *.mmtro.com https://mmtro.com http://mmtro.com *.omnitagjs.com *.outbrain.com *.palaisdesthes.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.stickyadstv.com *.taboola.com *.teads.tv *.weborama.fr *.yahoo.com *.yieldlab.net *.yieldmo.com *.zebestof.com *.zdassets.com *.adscale.de *.id5-sync.com https://id5-sync.com *.liadm.com *.smartclip.net *.tremorhub.com *.krxd.net *.thebrighttag.com *.amazon-adsystem.com *.contentsquare.net *.privacy-center.org *.postrelease.com *.sc-trc.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.abtasty.com *.avtm.fr *.amazon-adsystem.com *.useinsider.com *.bing.com *.capadresse.com ws2.capadresse.com:7455 ws2.capadresse.com:7456 *.clarity.ms *.criteo.com *.criteo.net *.doubleclick.net *.effiliation.com *.facebook.net *.googleapis.com *.mmtro.com http://mmtro.com https://mmtro.com *.newrelic.com *.nr-data.net *.privacy-center.org *.static-sb.com *.tradedoubler.com *.target2sell.com *.zdassets.com *.mouseflow.com *.servedby.flashtalking.com http://servedby.flashtalking.com https://servedby.flashtalking.com *.secure.adnxs.com/ http://secure.adnxs.com/ https://secure.adnxs.com/ *.tag.zebestof.com http://tag.zebestof.com https://tag.zebestof.com *.contentsquare.com *.contentsquare.net *.thank-you.io *.tiktok.com *.palaisdesthes.com *.optimalpeople.fr https://d16fk4ms6rqz1v.cloudfront.net *.dwin1.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ palais-des-thes.my.join-stories.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.useinsider.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.abtasty.com *.useinsider.com *.clarity.ms *.analytics.google.com *.googleapis.com *.googlesyndication.com *.nr-data.net *.palaisdesthes.com *.privacy-center.org *.social-sb.com *.target2sell.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.mouseflow.com *.zdassets.com *.contentsquare.net *.thank-you.io *.tiktok.com *.zebestof.com *.doubleclick.net *.google.com *.optimalpeople.fr *.criteo.com *.salecycle.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.googleapis.com api.parcellab.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src cdn.jsdelivr.net fonts.gstatic.com *.fontawesome.com data: fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: secure-gateway.hipay-tpp.com *.hipay.com gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.google.fr cm.g.doubleclick.net/ maps.gstatic.com axeptio.imgix.net s.thebrighttag.com openstreetmap.org maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com static.axept.io www.google.fr maps.googleapis.com widget.trustpilot.com dynamic.criteo.com sslwidget.criteo.com *.zippopotam.us cdn.scalapay.com b2c-cdn.scalapay.com maps.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.hipay.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.hipay.com wss://mpsnare.iesnare.com client.axept.io api.axept.io region1.google-analytics.com sslwidget.criteo.com maps.googleapis.com stats.g.doubleclick.net bam.nr-data.net *.zippopotam.us 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/sre_google 1 default-src 'none'; connect-src 'self' embedr.flickr.com chat-us.libanswers.com resources.bepress.com playback.bepressaws.com cascade2.libchat.com visitor2.constantcontact.com distillery.wistia.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io yoast.com listgrowth.ctctcdn.com www.facebook.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.analytics.google.com; font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com static.juicer.io fonts.bunny.net; frame-src 'self' imsa.libanswers.com accounts.google.com admin.helperhelper.com community.imsa.edu v2.libanswers.com docs.google.com calendar.google.com www.youtube.com www.google.com www.facebook.com bbox.blackbaudhosting.com assets.bepress.com; img-src 'self' connect.facebook.net www.gstatic.com live.staticflickr.com www.googletagmanager.com previews.dropbox.com www.google-analytics.com www.imsa.edu s.w.org ps.w.org theeventscalendar.com fast.wistia.com data: embedwistia-a.akamaihd.net cdnjs.cloudflare.com www.paypalobjects.com ajax.googleapis.com onpointplugins.com secure.gravatar.com cdn.datatables.net www.facebook.com bbox.blackbaudhosting.com cdn.weglot.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' assets.bepress.com blackfacts.com imsa.libanswers.com community.imsa.edu pi.pardot.com cdn.jsdelivr.net widget.intercom.io js.intercomcdn.com fast.wistia.com ajax.googleapis.com www.google.com www.gstatic.com cdnjs.cloudflare.com static.ctctcdn.com connect.facebook.net www.facebook.com assets.juicer.io bbox.blackbaudhosting.com bbox.blackbaudhosting.com cdn.datatables.net connect.facebook.net www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com static.ctctcdn.com ajax.googleapis.com assets.juicer.io bbox.blackbaudhosting.com cdn.datatables.net; script-src-elem 'self' 'unsafe-inline' imsa.libanswers.com ajax.googleapis.com assets.bepress.com connect.facebook.net www.gstatic.com www.google.com cdnjs.cloudflare.com static.ctctcdn.com www.google-analytics.com cdn.datatables.net www.googletagmanager.com embedr.flickr.com widgets.flickr.com; style-src-elem 'self' 'unsafe-inline' static.ctctcdn.com fonts.googleapis.com ajax.googleapis.com cdn.datatables.net www.gstatic.com; media-src 'self' blob: ; worker-src 'self' blob: ; report-uri https://app.imsa.edu/connect/csp/report 1 object-src 'none';base-uri 'self';script-src 'nonce-H2wx0P8qG_D53TD8iRQrUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-i5mldzdSK0V3sudjEuer3Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.facebook.net www.google.co.jp *.googleapis.com www.google.com.sg www.youtube.com *.doubleclick.net www.google.com.my *.gstatic.com www.google.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: secure.trailfinders.com *.everesttech.net media.gadventures.com *.twitter.com wss://www.trailfinders.com *.googleapis.com vc.hotjar.io images-api.intrepidgroup.travel www.trailfinders.com unpkg.com *.cloudinary.com b.tile.openstreetmap.org cdn.trailfinders.com assets.adobedtm.com *.omtrdc.net widgety-assets.s3.amazonaws.com cdn.jsdelivr.net www.google-analytics.com *.doubleclick.net *.hotjar.com *.b-cdn.net code.jquery.com webimages.trailfinders.com widget.trustpilot.com newassets.hcaptcha.com *.gstatic.com icm.aexp-static.com inxmail.trailfinders.com cdnjs.cloudflare.com *.facebook.net use.fontawesome.com c.tile.openstreetmap.org region1.google-analytics.com aframe.io *.demdex.net applepay.cdn-apple.com analytics.google.com *.googleadservices.com www.googletagmanager.com api.hostedimages.co.uk mailimages.trailfinders.com a.tile.openstreetmap.org vjs.zencdn.net images.trailfinders.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' *.kanker.nl kanker.nl cdn1.readspeaker.com trengo.s3.eu-central-1.amazonaws.com *.infogram.com *.flourish.studio www.youtube.com www.youtube-nocookie.com;; script-src 'self' www.google-analytics.com *.widget.trengo.eu www.googletagmanager.com *.kanker.nl *.infogram.com *.flourish.studio dev.visualwebsiteoptimizer.com;; object-src 'none'; style-src unsafe-inline; frame-src 'self' verwijsgids.kanker.nl;; font-src fonts.gstatic.com; cdnjs.cloudfare.com; maxcdn.bootstrapcdn.com; fonts.googleapis.com;; report-uri https://kankernl.report-uri.com/r/d/csp/reportOnly 1 font-src https://*.gstatic.com fonts.gstatic.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.yotpo.com re.avekshaa-eam.com *.dynamicyield.com plausible.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com re.avekshaa-eam.com *.dynamicyield.com plausible.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.twitter.com re.avekshaa-eam.com *.dynamicyield.com plausible.io www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.yotpo.com yotpo-stool.s3.amazonaws.com *.doubleclick.net *.google.com maps.gstatic.com *.postcodeanywhere.co.uk *.flixfacts.com *.flixcar.com *.flix360.com *.flixgvid.flix360.io re.avekshaa-eam.com *.dynamicyield.com plausible.io www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io cdn.ampproject.org raw.githubusercontent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.yotpo.com js-agent.newrelic.com *.googletagmanager.com *.doubleclick.net maps.googleapis.com *.hotjar.com *.postcodeanywhere.co.uk *.pcapredict.com *.flixfacts.com *.flixcar.com *.flix360.com *.flixgvid.flix360.io re.avekshaa-eam.com *.dynamicyield.com plausible.io www.xtento.com cdn.xtento.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com 'self' data: *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net getfirebug.com *.google.com *.yotpo.com *.postcodeanywhere.co.uk *.flixgvid.flix360.io *.flixcar.com *.flix360.com re.avekshaa-eam.com *.dynamicyield.com plausible.io unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io cdn.ampproject.org *.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.cloudflare.com *.twitter.com *.paypal.com *.yotpo.com stats.g.doubleclick.net *.postcodeanywhere.co.uk re.avekshaa-eam.com *.dynamicyield.com plausible.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-NGUlfqbFLbKWX2MU280Whw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pci-connect.squareup.com my.hellobar.com *.algolia.net *.facebook.com connect.squareup.com api.mapbox.com www.google.ca *.googleapis.com *.gstatic.com cdn.jsdelivr.net api2.heartlandportico.com *.doubleclick.net *.igodigital.com api-v1.us-east-1.prod.passportlabs.cc api.heartlandportico.com pay.google.com www.google.com *.cloudfront.net www.googletagmanager.com adservice.google.com www.google-analytics.com api.parkwhiz.com static.spplus.com cdnjs.cloudflare.com google.com *.facebook.net maxcdn.bootstrapcdn.com vc.hotjar.io web.squarecdn.com hn.inspectlet.com *.hotjar.com *.googleadservices.com cdn.inspectlet.com a.tiles.mapbox.com pro.ip-api.com analytics.google.com browser-update.org b.tiles.mapbox.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' https:; img-src 'self' https: assets.braintreegateway.com checkout.paypal.com bam.nr-data.net staging.shirtspace.com *.googletagmanager.com data:; font-src 'self' *.typekit.net d2tic578h94r8u.cloudfront.net *.gstatic.com *.googleapis.com *.acsbapp.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net *.googlecommerce.com *.newrelic.com bam.nr-data.net *.braintreegateway.com www.paypalobjects.com *.paypal.com c.paypal.com widget.trustpilot.com connect.facebook.net graph.facebook.com bat.bing.com s.yimg.com sp.analytics.yahoo.com *.pinterest.com *.pinimg.com device.maxmind.com *.typekit.net cdn.jsdelivr.net *.honeybadger.io *.freshchat.com *.ckeditor.com io.clickguard.com acsbapp.com sc-static.net api.ipify.org cdnjs.cloudflare.com *.easysize.me *.klaviyo.com unleash.shirtspace.com unpkg.com d2tic578h94r8u.cloudfront.net 'nonce-vyE5Zgbn3IeQDTaNyQTvJg=='; style-src 'self' d2tic578h94r8u.cloudfront.net *.googleapis.com *.typekit.net *.typeform.com *.freshchat.com *.ckeditor.com cdnjs.cloudflare.com *.easysize.me *.klaviyo.com 'unsafe-inline'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src 'self' assets.braintreegateway.com *.paypal.com widget.trustpilot.com www.facebook.com *.g.doubleclick.net *.google.com *.googletagmanager.com *.pinterest.com www.youtube.com *.freshchat.com *.acsbapp.com accessibe.com player.vimeo.com tr.snapchat.com tpc.googlesyndication.com vars.hotjar.com/ *.easysize.me *.typeform.com; connect-src 'self' *.braintreegateway.com 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.braintree-api.com *.paypal.com *.pinterest.com *.mmapiws.com widget.trustpilot.com *.typekit.net www.facebook.com s.yimg.com http://localhost:3035 ws://localhost:3035 *.acsbapp.com io.clickguard.com bam.nr-data.net *.klaviyo.com *.easysize.me unleash.shirtspace.com d2tic578h94r8u.cloudfront.net 1 font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com flagpedia.net https://t.teads.tv https://p.teads.tv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com maps.googleapis.com https://global.sunbrella.com https://cdn.b0e8.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://t.teads.tv https://p.teads.tv 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com maps.googleapis.com https://global.sunbrella.com https://cdn.b0e8.com https://js-agent.newrelic.com https://cdnjs.cloudflare.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://t.teads.tv https://p.teads.tv 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.vidyard.com euc-widget.freshworks.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com play.vidyard.com www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.google-analytics.com www.googletagmanager.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com euc-widget.freshworks.com www.d-hosting.nl www.google-analytics.com www.googletagmanager.com; script-src-attr 'unsafe-inline'; style-src 'self' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' euc-widget.freshworks.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.d-hosting.nl; style-src-attr 'unsafe-inline'; img-src 'self' www.d-hosting.nl www.google-analytics.com www.gstatic.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; connect-src 'self' euc-widget.freshworks.com www.google-analytics.com; frame-src 'self' www.googletagmanager.com; frame-ancestors 'self'; form-action 'self'; report-uri https://07d95ef832b8e7e3fcc49a07cb322378.report-uri.com/r/d/csp/wizard 1 default-src 'self'; base-uri 'self'; font-src 'self' https: data:; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https:; manifest-src https://s3.amazonaws.com/galore-assets/manifest.json; frame-src 'self' https://js.stripe.com https://www.recaptcha.net/ https://www.facebook.com/ https://bid.g.doubleclick.net; frame-ancestors 'self' https://www.care.com/ https://getgalore.com/; script-src 'self' https: 'unsafe-inline' http://cdn.mxpnl.com/libs/mixpanel-2.2.min.js http://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js; upgrade-insecure-requests; report-uri https://o466311.ingest.sentry.io/api/6004104/security/?sentry_key=2c284ff228ac4d0e8b8ad9ea17497eee&sentry_release=galore-mfe@v18.133.0&sentry_environment=prod 1 default-src 'self' *.tillamook.com tillamook.com stackpath.bootstrapcdn.com; img-src 'self' data: *.ctfassets.net ctfassets.net *.cookielaw.org cookielaw.org https://www.google.com/ads/ https://www.google-analytics.com/ https://www.facebook.com/ https://c.lytics.io/c/b5c7317d218cb2a0ef160219694b5a9e; media-src 'self' *.ctfassets.net ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' destinilocators.com https://connect.facebook.net/ *.hotjar.com hotjar.com *.klaviyo.com klaviyo.com *.cookielaw.org cookielaw.org https://polyfill.io/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://givebutter.com/ https://destinilocators.com/ https://www.googleoptimize.com/ https://xola.com/checkout.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/2.8.10/iframeResizer.min.js https://cdn.polyfill.io/v3/polyfill.min.js https://cdnjs.cloudflare.com/ajax/libs/easyXDM/2.4.20/easyXDM.min.js https://botcdn.xola.com/client https://c.lytics.io/; style-src 'self' 'unsafe-inline' *.typekit.net typekit.net api.tiles.mapbox.com www.exploretock.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://fonts.googleapis.com/css; style-src-elem 'self' 'unsafe-inline' *.typekit.net c.lytics.io; font-src 'self' *.tillamook.com tillamook.com *.typekit.net typekit.net www.exploretock.com stackpath.bootstrapcdn.com; connect-src 'self' wss: *.tillamook.com tillamook.com *.tillamaps.com tillamaps.com *.hotjar.com hotjar.com *.klaviyo.com klaviyo.com *.doubleclick.net doubleclick.net *.ingest.sentry.io *.ctfassets.net ctfassets.net *.mapbox.com mapbox.com *.algolianet.com *.algolia.net *.onetrust.com onetrust.com *.cookielaw.org cookielaw.org analytics.google.com https://preview.contentful.com/ https://www.google-analytics.com/ https://vitals.vercel-insights.com/ https://cdn.contentful.com/ https://analytics.google.com/ https://d2k6913brarspg.cloudfront.net/; frame-src 'self' https://vars.hotjar.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com https://destinilocators.com/; frame-ancestors https://app.contentful.com; report-uri https://16x3230g.uriports.com/reports/report; report-to default 1 base-uri 'self'; connect-src 'self' https://*.google.com https://ada.matomo.cloud https://boards-api.greenhouse.io https://images.prismic.io https://o43253.ingest.sentry.io https://pagead2.googlesyndication.com https://www.gstatic.com https://bat.bing.com https://*.clarity.ms; default-src 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; frame-src https://*.enterprise.ada.com https://boards.greenhouse.io https://insight.adsrvr.org https://td.doubleclick.net https://tpc.googlesyndication.com https://www.youtube-nocookie.com; img-src 'self' data: https://ada.matomo.cloud https://adahealth.cdn.prismic.io https://assets.ada.com https://connect.facebook.net https://googleads.g.doubleclick.net https://images.prismic.io https://prismic-io.s3.amazonaws.com https://www.facebook.com https://pagead2.googlesyndication.com https://adservice.google.com https://www.google.com https://www.googletagmanager.com https://bat.bing.com https://*.clarity.ms; manifest-src 'self'; media-src 'self' https://adahealth.cdn.prismic.io; script-src 'self' 'unsafe-inline' https://*.matomo.cloud https://boards.greenhouse.io https://connect.facebook.net https://googleads.g.doubleclick.net https://js.adsrvr.org https://tpc.googlesyndication.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://bat.bing.com https://www.clarity.ms; style-src 'self' 'unsafe-inline'; 1 default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1 object-src 'none';base-uri 'self';script-src 'nonce-E8-aWQmfNeTzKmbaiNNoMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-9XaiPg3xjZ-0QS1nzCHWMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-efHleZ5w9JOVuFFu-DJrgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com bat.bing.com *.google.co.uk *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.widgets.magentocommerce.com *.paypalobjects.com *.postcodeanywhere.co.uk www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js-agent.newrelic.com bam.nr-data.net *.pcapredict.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com services.postcodeanywhere.co.uk *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-fa0cbcf2ea7342158252ae7777aa8d32' https://epic.mycenturahealth.org 'self';img-src https://* 'self' blob: data:;style-src https://epic.mycenturahealth.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 default-src 'self'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=RhPCoz5NPRTXCHc1_lZBxQghGnDgB1TNPMUlRC_bqmc-1711589862-1.0.1.1-tQtGBEJKTz2y.1i23_E7_D95UWP6pL0acPp49c4Rrm4bT.sPO0.YYcD3w6eMQ.UNsJZraQhj5hSnKkb1mWc2daZ6Aba34LM0k8BzvM_HsEyJgBLAbKJjLa5JiuYRcwyF8n9DqIrJ3JFg4JvE_Eimk32Wiq4OzIttPam2UTg01edyO6Powc.2s5qEIiiGc5jWvJWLNMDsavQzSMXQMNq8Gw; report-to cf-ymrldfowreuhjjfa 1 default-src 'self'; font-src 'self' data: https://cdn.rawgit.com https://fonts.gstatic.com https://ka-p.fontawesome.com https://pro.fontawesome.com https://www.erblearn.org https://fonts.typekit.net https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdn.jsdelivr.net; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://cdn.datatables.net https://cdn.erblearn.org https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.5.1.min.js https://kit.fontawesome.com/8e16178960.js https://cdn.jsdelivr.net https://kit.fontawesome.com/3a3e8d3071.js https://www.googletagmanager.com/gtag/js https://use.fontawesome.com/cdc1a032d4.js http://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/4rwLQsl5N_ccppoTAwwwMrEN/recaptcha__en.js https://kendo.cdn.telerik.com/2021.3.1109/js/jszip.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net; style-src 'unsafe-inline' 'self' https://cdn.datatables.net https://cdn.erblearn.org https://cdn.rawgit.com https://fonts.googleapis.com https://pro.fontawesome.com https://fonts.typekit.net https://use.fontawesome.com https://kendo.cdn.telerik.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/ https://fast.fonts.net https://code.jquery.com; frame-src https://www.facebook.com https://player.vimeo.com; connect-src 'unsafe-inline' 'self' https://ka-p.fontawesome.com https://worldtimeapi.org https://www.google-analytics.com https://stats.g.doubleclick.net; 1 default-src 'self' undefined *.google-analytics.com r.lr-ingest.io cdn.lr-ingest.io data: blob:; base-uri 'self' undefined *.celigo.com pondsonline.ca; script-src 'self' nonce-b2ac07c473e5a69ef2ace40c1ec85a41 'unsafe-eval' 'unsafe-inline' data.pendo.io cdn.pendo.io app.pendo.io https://d2c59yixfx38rj.cloudfront.net r.lr-ingest.io cdn.lr-in-prod.com cdn.lr-ingest.io secure.gravatar.com static.zdassets.com widget-mediator.zopim.com www.pagespeed-mod.com connect.facebook.net *.adroll.com snap.licdn.com pendo-io-static.storage.googleapis.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com; connect-src 'self' undefined ekr.zdassets.com celigosuccess.zendesk.com wss://widget-mediator.zopim.com r.lr-ingest.io r.lr-in-prod.com integrator-files.s3.amazonaws.com data.pendo.io www.celigo.com zendesk-eu.my.sentry.io cdn.linkedin.oribi.io d2c59yixfx38rj.cloudfront.net d2iiunr5ws5ch1.cloudfront.net meter.activemetering.com www.bugherd.com snap.licdn.com sessions.bugsnag.com cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ar *.google.hu *.google.be *.google.de *.google.mu *.google.com.eg *.google.com *.google.com.au *.google.ca *.google.com.co *.google.co.in *.google.co.jp *.google.com.na *.google.com.sa *.google.co.uk *.google.com.ph *.google.com.hk *.google.com.mx *.google.co.kr *.google.com.uy *.google.com.ua *.google.se *.google.co.ma *.google.co.il *.google.ie *.google.nl *; style-src 'self' 'unsafe-inline' undefined cdnjs.cloudflare.com tagmanager.google.com fonts.googleapis.com cdn.pendo.io; object-src 'self' 'none'; font-src 'self' *.celigo.com undefined at.alicdn.com cdn.jsdelivr.net d2iiunr5ws5ch1.cloudfront.net www.bugherd.com fonts.gstatic.com data:; img-src data: 'self' data.pendo.io cdn.pendo.io undefined secure.gravatar.com www.gravatar.com i0.wp.com *.celigo.com s3-us-west-2.amazonaws.com connectorimages.s3-us-west-2.amazonaws.com *.s3.amazonaws.com v2uploads.zopim.io v2assets.zopim.io *.oktacdn.com *.zdassets.com docs.aws.amazon.com app.pendo.io d2iiunr5ws5ch1.cloudfront.net www.bugherd.com www.facebook.com *.adroll.com px.ads.linkedin.com storage.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.com.ar *.google.hu *.google.be *.google.de *.google.mu *.google.com.eg *.google.com *.google.com.au *.google.ca *.google.com.co *.google.co.in *.google.co.jp *.google.com.na *.google.com.sa *.google.co.uk *.google.com.ph *.google.com.hk *.google.com.mx *.google.co.kr *.google.com.uy *.google.com.ua *.google.se *.google.co.ma *.google.co.il *.google.ie *.google.nl *; worker-src 'self' data: http: blob:; frame-src 'self' portal.productboard.com *.celigo.com app.pendo.io; media-src 'self' static.zdassets.com ssl.gstatic.com 1 default-src https: 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-6c8be1182ae942738e7483a2b593ba46' https://www.essentiamychart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.essentiamychart.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: chrome-extension:; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; report-uri /csp-report 1 font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.amazonaws.com *.bglobale.com *.global-e.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.herroom.com *.hisroom.com herroom.com hisroom.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.hisroom.com *.herroom.com *.borderfree.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com www.google.com www.googletagmanager.com www.youtube.com *.hotjar.com *.bounceexchange.com *.hisroom.com *.herroom.com *.cloudfront.net *.facebook.com *.criteo.com *.criteo.net *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.weltpixel.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com p.typekit.net t.paypal.com www.paypal.com *.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io assets.herroom.net *.brandlock.io *.herroom.com media.herroom.com media.hisroom.com *.scene7.com *.google.com *.google.pl *.googletagmanager.com *.google.com.pk *.doubleclick.net *.googleapis.com *.googleadservices.com tags.w55c.net tracking.searchmarketing.com alb.reddit.com pixel.tapad.com match.adsrvr.org *.pinterest.com facebook.com *.cdnwidget.com *.clarity.ms *.bing.com t.co *.cloudfront.net *.facebook.com *.criteo.com *.yahoo.com *.krxd.net *.twitter.com *.stickyadstv.com/ *.pubmatic.com *.google.nl *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.3lift.com *.adform.net *.omnitagjs.com *.casalemedia.com *.360yield.com *.ivitrack.com *.mediavine.com *.outbrain.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.thebrighttag.com *.monetate.net *.klaviyo.com *.paypal.com *.ojrq.net *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ www.google.com *.magento-ds.com www.googletagmanager.com *.newrelic.com bam.nr-data.net herroom.needle.com *.borderfree.com *.klaviyo.com *.herroom.com tag.wknd.ai bat.bing.com *.hotjar.com *.facebook.net cdn.attn.tv *.pinimg.com googleads.g.doubleclick.net *.bounceexchange.com *.clarity.ms upsellit.com *.yieldify.com *.ads-twitter.com *.twitter.com *.criteo.com *.cloudfront.net *.monetate.net *.impactcdn.com *.google.com *.noibu.com *.googleapis.com *.brandlock.io *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com *.maxmind.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.borderfree.com *.typekit.net *.klaviyo.com *.bglobale.com *.global-e.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.sentry.io *.herroom.com *.hisroom.com bam.nr-data.net *.scene7.com *.klaviyo.com *.google.com *.googleapis.com *.google.pl stats.g.doubleclick.net *.pinterest.com *.cdnbasket.net *.hotjar.com *.cdnwidget.com *.clarity.ms *.facebook.com *.facebook.net *.klavio.com *.sjv.io *.monetate.net *.sbx.borderfree.com *.borderfree.com *.ampcid.google.com.pk *.noibu.com wss://input.noibu.com *.pxf.io *.bing.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.chase.hostedpaymentservice.net *.chase-var.hostedpaymentservice.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.google-analytics.com analytics.google.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net *.gstatic.com static.mobilemonkey.com www.google.com api.userway.org *.googleapis.com *.siteimproveanalytics.io analytics.google.com *.facebook.com *.omtrdc.net www.googletagmanager.com assets.adobedtm.com www.recaptcha.net www.google.com.pr *.1firstbank.com siteimproveanalytics.com *.everesttech.net adservice.google.com *.demdex.net 1firstbank.io *.doubleclick.net cdn.userway.org cdn77.api.userway.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 upgrade-insecure-requests ; default-src 'self' stat.joomlapolis.com https: data 'data' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com www.googletagmanager.comi www.google-analytics.com connect.facebook.net blob data 'blob' 'data' ; script-src-elem 'self' 'unsafe-inline' 'eval' stat.joomlapolis.com *.stripe.com *.stripe.network translate.google.com translate.googleapis.com www.google-analytics.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com www.pagespeed-mod.com connect.facebook.net ; style-src 'self' 'unsafe-inline' translate.google.com translate.googleapis.com ; style-src-elem 'self' 'unsafe-inline' translate.googleapis.com fonts.googleapis.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com *.kaspersky-labs.com pwm-image.trendmicro.com adblockers.opera-mini.net ; img-src 'self' data: www.joomlapolis.com stat.joomlapolis.com forge.joomlapolis.com *.stripe.com *.stripe.network *.ytimg.com www.gstatic.com www.google.com translate.google.com translate.googleapis.com www.google.com/images yastatic.net i.imgur.com servimg.com tinypic.com www.google-analytics.com www.googleadservices.com www.facebook.com img391.imageshack.us blob data 'blob' 'data' ; frame-src 'self' *.stripe.com *.stripe.network www.youtube.com www.youtube-nocookie.com www.slideshare.net mozbar.moz.com div.show pwm-image.trendmicro.com ; font-src 'self' data: fonts.gstatic.com use.typekit.net *.avast.com chrome-extension github.com/google/fonts/blob chrome-extension ; connect-src *.joomlapolis.com ; report-uri /report-csp-jp-c.php ; 1 object-src 'none';base-uri 'self';script-src 'nonce-vmumyvIMLygowObmwLH83A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ndkVIZmKLN7nq5q0RXf98A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.bo www.google.com.sv www.google.com.ec www.google.com.co *.tiktok.com www.google.com.py cdn.jsdelivr.net *.bazaarvoice.com region1.analytics.google.com www.google.es tags.tiqcdn.com cdnjs.cloudflare.com epson.com.mx cdnssl.clicktale.net cdn.cs.1worldsync.com www.google.com.do www.youtube.com www.google.com.ar www.google.com.pa www.google-analytics.com *.facebook.com *.epson.com *.doubleclick.net app.qualified.com *.goepson.com *.dotomi.com c.clicktale.net js.qualified.com *.googleadservices.com www.googletagmanager.com www.google.com srm.bf.contentsquare.net *.googleapis.com www.google.hn analytics.google.com q-aus1.clicktale.net *.omtrdc.net www.google.co.cr www.google.com.mx *.gstatic.com www.google.com.gt bam.nr-data.net www.google.com.pe *.linkedin.com ws.cs.1worldsync.com *.facebook.net wss://ws.qualified.com www.google.com.cu s3-us-west-2.amazonaws.com epson.com fast.fonts.net img.youtube.com k-aus1.clicktale.net adservice.google.com *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.resultspage.com *.convertexperiments.com *.onetrust.com fonts.gstatic.com use.typekit.net data: *.gstatic.com *.resultsdemo.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src *.hotjar.com *.qualaroo.com *.doubleclick.net *.youtube.be *.google.com *.cardinalcommerce.com *.sagepay.com *.adobe.com *.braintreegateway.com *.facebook.com *.vimeo.com *.authorize.net *.convertexperiments.com fast.amc.demdex.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src *.resultspage.com *.resultsdemo.com *.google.com *.bing.com *.google.com.ua *.google.com.uk *.google.co.uk *.cloudfront.net *.googleadservices.com *.google-analytics.com *.paypal.com *.feefo.com *.postcodeanywhere.com *.doubleclick.net *.clarity.ms *.convertexperiments.com *.pinterest.com *.onetrust.com *.contentsquare.net *.puzzel.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.petdrugsonline.co.uk *.googletagmanager.com *.tracking.audio.thisisdax.com *.amazonaws.com *.thisisdax.com *.postcodeanywhere.co.uk *.sagepay.co.uk *.opayo.co.uk *.squarespace.com *.squarespace-cdn.com *.facebook.com *.sli-spark.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.postcodeanywhere.co.uk *.convertexperiments.com *.hivecloud.net *.rmp.rakuten.com *.bing.com *.resultspage.com *.dwin1.com *.g.doubleclick.net *.qualaroo.com *.hotjar.com *.googleadservices.com *.google-analytics.com *.paypal.com *.resultsdemo.com *.feefo.com *.facebook.com *.postcodeanywhere.com *.doubleclick.net *.google.com *.clarity.ms *.cloudfront.net *.convert.com *.scarabresearch.com *.emarsys.net *.pinimg.com *.cloudflare.com *.impactcdn.com *.pinterest.com *.puzzel.com *.onetrust.com *.contentsquare.net unpkg.com *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.google.com *.resultsstage.com *.gstatic.com *.sli-spark.com *.pcapredict.com *.facebook.net *.newrelic.com *.nr-data.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.resultspage.com *.convertexperiments.com *.feefo.com *.onetrust.com *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com data: *.petdrugsonline.co.uk *.googletagmanager.com *.googleapis.com *.resultsstage.com *.postcodeanywhere.co.uk *.resultsdemo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.petdrugsonline.co.uk 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src *.postcodeanywhere.co.uk *.hotjar.com *.facebook.com *.doubleclick.net *.azurewebsites.net *.googleadservices.com *.google-analytics.com *.paypal.com *.resultsdemo.com *.resultspage.com *.feefo.com *.postcodeanywhere.com *.hotjar.io *.clarity.ms *.cloudfront.net *.convertexperiments.com *.scarabresearch.com *.emarsys.net *.pinterest.com wss://ws.hotjar.com bat.bing.com *.google.co.uk *.puzzel.com *.onetrust.com *.contentsquare.net dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.dycdn.net wss://am.freshrelevance.com *.freshrelevance.com *.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com https://analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-5pzZfqMn7SMDRn0GB0E42w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://www.hutton.ac.uk/; script-src 'self' https://www.hutton.ac.uk/ *.twitter.com *.google.com *.google-analytics.com *.recaptcha.net *.googletagmanager.com *.google-analytics.com; img-src *; 1 base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-OOa6njVc+0ee60duNOBfTw==' 1 object-src 'none';base-uri 'self';script-src 'nonce-EgrsDoect3_1jnSg8o13JA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.gstatic.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com testorderhistory.tomdixon.net:* orderhistory.tomdixon.net:* 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.cookiebot.com *.nosto.com *.nos.to testorderhistory.tomdixon.net:* orderhistory.tomdixon.net:* www.xtento.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.youtube.com sumo.com *.sumo.com *.flbx.io *.tomdixon.net *.tomdixontrade.net *.google.co.uk *.googleadservices.com https://www.google.co.uk/* *.cloudfront.net *.getflowbox.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.getflowbox.com chimpstatic.com *.pcapredict.com *.sumome.com *.sumo.com *.cookiebot.com *.postcodeanywhere.co.uk *.googletagmanager.com *.facebook.com reddit.com *.bufferapp.com *.pinterest.com *.google.com *.gstatic.com *.googleapis.com *.klarnaservices.com *.nosto.com *.nos.to www.xtento.com cdn.xtento.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.postcodeanywhere.co.uk *.googleapis.com *.klarnaservices.com *.klarnacdn.net *.fontawesome.com *.nosto.com *.nos.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com sumo.com *.postcodeanywhere.co.uk *.google.com *.sumo.com *.amazonaws.com *.demdex.net *.doubleclick.net *.getflowbox.com *.klarnaservices.com *.nosto.com *.nos.to https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/tv_google 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cookies.alterramtnco.com cdn.cookielaw.org www.youtube.com camstreamer.com www.winterparkresort.com lifts-and-trails.netlify.app *.demdex.net p.typekit.net my.matterport.com images.inntopia.com www.google.com *.clarity.ms *.bidr.io *.tiktok.com ib.adnxs.com *.adsrvr.org www.sc.pages08.net edge.adobedc.net adservice.google.com assets.adobedtm.com www.datadoghq-browser-agent.com mtnpowder.com vimeo.com sdk.inbenta.io v4.mtnfeed.com i.vimeocdn.com cdn.sanity.io events.mapbox.com *.facebook.com rum.browser-intake-us3-datadoghq.com cams.mtnfeed.com *.omtrdc.net cdn.inbenta.io pippio.com images.letsway.com www.pages08.net px0.pbbl.co idsync.rlcdn.com *.onetrust.com aws-cdn.inntopia.com kit.fontawesome.com www.inntopia.travel www.googletagmanager.com *.gstatic.com session-replay.browser-intake-us3-datadoghq.com analytics.google.com api.trustyou.com api.mapbox.com ka-p.fontawesome.com *.everesttech.net api.letsway.com use.typekit.net bat.bing.com secure.adnxs.com *.agkn.com *.sojern.com api-gcu1.inbenta.io *.youtube-nocookie.com *.facebook.net *.vimeo.com apolloprogram.io *.adform.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-cRn3fbiZoejmA+gt2H/bCT2qw8UbmWwLyK6OC2B3k5U='; base-uri 'self';report-to csp-endpoint 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-4ebf9f934a3d4a51bf8fa07539f3be1d' https://www.viewmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://www.viewmychart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 img-src https://higherlogicdownload.s3.amazonaws.com/NACE/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogiclongterm.s3.amazonaws.com/NACE/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://higherlogicstream.s3.amazonaws.com/NACE/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NACE/ https://higherlogicdownload.s3.amazonaws.com/NACE/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NACE/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 connect-src https://api.segment.io https://cdn.segment.com https://stats.g.doubleclick.net https://www.google-analytics.com 'self' https://api.ipstack.com https://geoip-js.com https://*.launchdarkly.com https://*.guide.jamfnow.com https://api.feedback.us.pendo.io https://sentry.pub.jamf.build https://api.services.jamfnow.com https://services-api.services.jamfnow.com https://jamfsw.okta.com/.well-known/openid-configuration https://jamfsw.okta.com/oauth2/v1/token; img-src https://*.google-analytics.com https://ssl.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.as https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cat https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.ck https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.hz https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.ms https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.nu https://www.google.pk https://www.google.pl https://www.google.pn https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sh https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.st https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.tt https://www.google.vg https://www.google.vu https://www.google.ws 'self' data: https://*.guide.jamfnow.com https://app.pendo.io https://*.jamfnow.com https://*.services.jamfnow.com https://jamfnow-customapps.s3.amazonaws.com; script-src https://cdn.segment.com https://www.google-analytics.com https://www.googletagmanager.com 'self' https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js https://*.salesforceliveagent.com https://*.guide.jamfnow.com https://cdn.jsdelivr.net/npm/confetti-js@0.0.15/dist/index.min.js https://www.youtube.com; base-uri 'self'; default-src 'self' https:; font-src 'self'; style-src 'self' https://*.guide.jamfnow.com 'unsafe-inline'; report-uri https://sentry.pub.jamf.build/api/266/security/?sentry_key=69c661b6de484d0285748b2206db8711&sentry_environment=production; 1 default-src 'report-sample' 'self'; script-src 'report-sample' 'self' cdn.polyfill.io secure.quantserve.com www.youtube.com 'unsafe-inline' app.contentsquare.com t.contentsquare.net acdn.adnxs.com ads-engagement.presage.io bat.bing.com cdn.taboola.com connect.facebook.net pixel.mathtag.com s.yimg.com tag.mtrcs.samba.tv vxml4.plavxml.com www.google-analytics.com www.googletagmanager.com *.doubleclick.net rules.quantcount.com www.googleadservices.com/pagead/ 'unsafe-inline' 'unsafe-eval' *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com deploytealium.com tags.tiqcdn.com *.tealiumiq.com *.taboola.com; style-src 'report-sample' 'self' data: 'unsafe-inline' fonts.googleapis.com www.google.com/cse/ 'unsafe-inline'; img-src 'self' data: static.nib.com.au *.ctfassets.net *.contentsquare.net www.googletagmanager.com cm.g.doubleclick.net *.g.doubleclick.net m.g.doubleclick.net *.doubleclick.net ext-inv-cdn.presage.io ib.adnxs.com images.ctfassets.net pixel.mtrcs.samba.tv pixel.zprk.io sp.analytics.yahoo.com *.contentsquare.net www.google.com.au/pagead/ www.google.com/ads/ pixel.quantserve.com cm.g.doubleclick.net pixel.mathtag.com www.facebook.com maps.googleapis.com bat.bing.com www.google-analytics.com ads-engagement.presage.io www.google.com/cse/ maps.gstatic.com prreqcroab.icu www.google.com.au/ads/ www.google.com/pagead/ www.google.com.hk/pagead/ www.google.co.in sync.intentiq.com https://app.optimizely.com https://cdn.optimizely.com ads-engagement.presage.io trc.taboola.com static.nib.com.au nib-prod-public-au-static-assets.s3-ap-southeast-2.amazonaws.com; connect-src 'self' api-gateway.nib.com.au *.contentsquare.net trc.taboola.com www.google-analytics.com s.yimg.com *.doubleclick.net www.googleanalytics.com adservice.google.com bat.bing.com/actionp/ maps.gstatic.com aps.googleapis.com pixel.mtrcs.samba.tv www.google.com/pagead/ api.intentiq.com pixel.mathtag.com *.googlesyndication.com *.optimizely.com *.cdn-pci.optimizely.com *.ingest.sentry.io *.tealiumiq.com deploytealium.com api.rollbar.com *.taboola.com nib-prod-contact-amazon-connect-attachments-ap-southeast-2.s3.ap-southeast-2.amazonaws.com id.nib.com.au; font-src 'self' data: fonts.gstatic.com static.nib.com.au 'unsafe-inline' data: https://fonts.gstatic.com https://static.nib.com.au; object-src www.youtube.com *.fls.doubleclick.net; media-src 'self'; frame-src www.youtube.com *.fls.doubleclick.net td.doubleclick.net pixel.mathtag.com www.facebook.com tsdtocl.com *.cdn-pci.optimizely.com; worker-src 'self' blob:; child-src 'self' blob:; form-action 'self' www.facebook.com; frame-ancestors 'none'; report-uri https://api-gateway.nib.com.au/csp-report-uri/v1/report/report-only; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.allesedv.at/mixedContentReporting.php 1 default-src 'self' *.google-analytics.com *.jsdelivr.net *.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com *.google-analytics.com *.jsdelivr.net https://www.googletagmanager.com/ns.html *.cookielaw.org *.fontawesome.com *.licdn.com *.ads-twitter.com *.facebook.net https://www.google.com/recaptcha/api.js; style-src 'unsafe-inline' 'self' *.jsdelivr.net; img-src 'self' *.google-analytics.com *.facebook.com *.linkedin.com *.blob.core.windows.net *.azureedge.net *.cookielaw.org *.google.com *.google.co.in analytics.twitter.com t.co px.ads.linkedin.com px.ads.linkedin.com.x cdn.incyte.com data: *.googletagmanager.com *.opendns.com *.media-cache.woxo.tech; media-src 'self' *.google-analytics.com *.blob.core.windows.net *.azureedge.net; frame-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com *.facebook.com *.facebook.net; frame-ancestors 'self'; child-src *.youtube.com *.google.com *.googletagmanager.com incyte.hrmdirect.com; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src *; report-uri /report-csp-violation 1 object-src 'none';base-uri 'self';script-src 'nonce-fei8grKWUv9FV2f4FK-zqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2Ue6Tfn9Ub_JOdbUdQ81EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com https://www.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.zipmoney.com.au font.static.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com static.zip.co https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com https://cdn.livechatinc.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://www.google.com *.doubleclick.net www.facebook.com *.affirm.com *.affirm.ca https://plumrocket.com *.livechatinc.com *.paypal.com *.kaptcha.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com *.pinterest.com *.cloudfront.net *.scarabresearch.com www.xtento.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * photos.pixlee.co https://accounts.google.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://www.affirm.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.affirm.com *.affirm.ca *.beaconlighting.com.au *.trackjs.com *.cdninstagram.com *.zipmoney.com.au *.magentosite.cloud *.stamped.io *.scarabresearch.com *.paypal.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com blob: static.zip.co www.xtento.com cdn.xtento.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.pixlee.com *.yotpo.com t.zip.co static.zipmoney.com.au https://web1.acsbapp.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.googleapis.com https://www.gstatic.com https://www.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.affirm.com *.affirm.ca s7.addthis.com iguana2.com *.stamped.io *.zipmoney.com.au foursixty.com *.trackjs.com *.bootstrapcdn.com *.livechatinc.com beaconlighting.api.useinsider.com *.addthis.com *.addthisedge.com z.moatads.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.scarabresearch.com static.zip.co www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.plugins.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pxlecdn.com *.pixlee.com https://accounts.google.com *.yotpo.com static.zipmoney.com.au zip.co https://cdn1.affirm.com/js/v2/affirm.js https://acsbapp.com/ https://trx-cdn.zip.co/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.bootstrapcdn.com *.stamped.io foursixty.com *.api.useinsider.com *.pinterest.com *.cloudfront.net *.livechatinc.com *.scarabresearch.com static.zip.co downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.algolia.net *.algolia.com *.algolianet.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca ekr.zdassets.com/ *.bootstrapcdn.com *.zipmoney.com.au foursixty.com *.foursixty.com *.labs.au.edge.zip.co *.trackjs.com stamped.io *.livechatinc.com *.api.useinsider.com carrier.useinsider.com *.doubleclick.net *.pinterest.com *.cloudfront.net *.scarabresearch.com static.zip.co *.eservice.emarsys.net connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://inbound-analytics.pixlee.com https://accounts.google.com *.yotpo.com https://cdn.acsbapp.com/ https://trx.zip.co/z/t https://www.affirm.com/ https://tracker.affirm.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.affirm.com/ 'self' 'unsafe-inline'; 1 connect-src 'self' https://status.netservicesgroup.com https://www.google-analytics.com; default-src 'self' http://www.techadvisory.org https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://helpdesk.netservicesgroup.com:80; img-src 'self' http://www.internettrafficreport.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com http://www.techadvisory.org https://www.netservicesgroup.com http://graphs.ntppool.net http://www.pool.ntp.org https://www.google-analytics.com https://secure.trust-provider.com http://www.trustlogo.com/; child-src https://helpdesk.netservicesgroup.com http://openspeedtest.com https://urldefense.proofpoint.com https://quickclick.com; style-src 'self' https://www.netservicesgroup.com https://status.netservicesgroup.com 'sha256-zL+zKXgt2515GaHwEfkV8QPRfZZcGr/ibUw4EJ3V13s=' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://secure.trust-provider.com 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' https://secure.comodo.com; script-src 'self' https://secure.trust-provider.com http://www.trustlogo.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.netservicesgroup.com https://ajax.googleapis.com https://oss.maxcdn.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://status.netservicesgroup.com https://secure.comodo.com 'sha256-YG4fTNWYCHAm4AVC2mnK8Tj09alaJWJTk+LJy+5kHho=' 'sha256-ES2uzHuEQM4whrqb1S+eihZ+mxiQTgCzn2AsyOHbX88=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc=' 'sha256-/LNrhX3k9yooaUcjJ9wGqDoSJEFQEozZc8jtdbq+lMg=' 'sha256-ahfvWH65y6WEYvXXrsReZDD9l5f9wMFjeLjl+8hkRIg=' 'sha256-rvExcqXg6slhViMilpJKfslIcSuTwNcaJTyiU0PTfEc='; font-src 'self' https://www.netservicesgroup.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; report-uri https://www.netservicesgroup.com/csp.php 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com push.esputnik.com booking.flyarystan.com flyarystan.com www.google.kz www.google.co.uz www.google.co.in www.google-analytics.com api2.amplitude.com *.facebook.com cdnjs.cloudflare.com www.google.ge www.google.com www.google.az mc.yandex.ru pics.esputnik.com cdn.jsdelivr.net kzr-ports.hosting.aero livechat.infobip.com cdn-cookieyes.com www.google.com.tr log.cookieyes.com www.google.ru mc.yandex.com www.google.de momentjs.com adservice.google.com www.google.kg *.doubleclick.net mc.yandex.kz cdn.amplitude.com *.gstatic.com code.jquery.com www.youtube.com directory.cookieyes.com esputnik.com api.infobip.com *.googlesyndication.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: data:; connect-src *; font-src 'self' https: data:; media-src 'self' https: data:; report-uri *; child-src *; form-action * *.simplesat.io; frame-ancestors *; object-src *; frame-src *; worker-src *; manifest-src *; navigate-to *; base-uri * 1 default-src 'self'; script-src *; script-src-elem *; script-src-attr *; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src *; font-src *; connect-src *; media-src *; object-src 'none'; prefetch-src *; child-src *; frame-src *; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri https://www.styria.com https://stage.styria.com; manifest-src 'self'; report-uri https://cspreport.smd-digital.at 1 default-src https:; script-src 'report-sample' 'self' 'nonce-c8d187338bb8fc6a2b1e9f26b0d51b7b' 'sha256-Uar6/o6bHxLbvYdSPaAi9aPBl0o2QLBH4YZtTV7Yh9U=' *.forcloudcdn.com *.forter.com analytics.tiktok.com analytics.twitter.com app.link cdn.branch.io connect.facebook.net dkupaw9ae63a8.cloudfront.net googleads.g.doubleclick.net maps.googleapis.com sc-static.net static.ads-twitter.com tools.luckyorange.com tr.snapchat.com websdk.appsflyer.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.forcloudcdn.com fonts.googleapis.com; connect-src https: wss:; img-src data: https:; font-src data: https:; frame-src 'self' bid.g.doubleclick.net bytedance: fordeal: sslocal: tr.snapchat.com tr6.snapchat.com www.facebook.com www.youtube.com; object-src 'none'; child-src 'self' blob:; base-uri 'none'; report-uri https://dot-hub-x.fordeal.com/api/csp-reports?who=client_customer&app=fordeal 1 report-uri /csp_report;base-uri 'self';default-src 'self' blob: data: js.intercomcdn.com intercom.help *.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net fonts.gstatic.com *.hotjar.com www.facebook.com bid.g.doubleclick.net googleads.g.doubleclick.net https://*.googlesyndication.com *.fontawesome.com www.google.com assets.nflxext.com accounts.google.com *.googleapis.com https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi;object-src 'self' blob: neterra.tv *.neterra.tv;style-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com ia.media-imdb.com https://api2.amplitude.com/2/httpapi;img-src 'self' blob: https://*.neterra.tv http://*.neterra.tv data: www.google.com www.google.bg www.googletagmanager.com www.google-analytics.com *.googlesyndication.com *.g.doubleclick.net www.facebook.com *.sumo.com *.intercomcdn.com static.intercomassets.com uploads.intercomusercontent.com *.intercom.io *.intercom-attachments-5.com *.intercom-attachments-6.com *.geotrust.com *.intercom-attachments-9.com ssl.gstatic.com www.gstatic.com ia.media-imdb.com connect.facebook.net https://api2.amplitude.com/2/httpapi;connect-src 'self' neterra.tv payments.neterra.tv elk-stats.neterra.tv 127.0.0.1:8999 staging.neterra.tv www.google-analytics.com analytics.google.com *.googlesyndication.com http://sumo.com *.sumo.com *.hotjar.com www.google.bg www.google.com stats.g.doubleclick.net *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com *.neterra.tv:443 www.facebook.com *.fontawesome.com csi.gstatic.com fundingchoicesmessages.google.com securepubads.g.doubleclick.net https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.geotrust.com www.geotrust.com www.gstatic.com ia.media-imdb.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.googlesyndication.com p.media-imdb.com *.facebook.com *.facebook.net *.sumo.com *.hotjar.com *.intercom.io js.intercomcdn.com https://www.googletagmanager.com https://adservice.google.bg https://adservice.google.com https://www.googletagservices.com *.fontawesome.com appleid.cdn-apple.com apis.google.com partner.googleadservices.com www.google.com securepubads.g.doubleclick.net fundingchoicesmessages.google.com *.googleapis.com *.google.com *.2mdn.net https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi;form-action 'self' https://neterra.tv www.facebook.com epay.bg www.epay.bg demo.epay.bg https://dev-ipg.icards.eu https://api2.amplitude.com/2/httpapi;media-src 'self' *.neterra.tv neterra.tv *.googlevideo.com *.googleapis.com https://api2.amplitude.com/2/httpapi 1 script-src 'nonce-tqd06i0F5QB9ZyESIwqAbA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=e748fd78-db84-4aa0-a939-e5b2ee54a15a; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 object-src 'none';base-uri 'self';script-src 'nonce-_Xh3I6dly-FUMHf9p3EBhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XXdRgokNdPjgOEJ33Rdxuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.racetrac.com *.adsrvr.org *.googleapis.com analytics.google.com bat.bing.com sc-static.net px.adentifi.com *.azureedge.net *.gstatic.com appleid.cdn-apple.com *.facebook.com *.doubleclick.net *.hotjar.com assets.onestore.ms tags.srv.stackadapt.com *.onetrust.com ssl.kaptcha.com www.google-analytics.com *.facebook.net *.googlesyndication.com www.google.com *.cloudinary.com www.googletagmanager.com cdn.cookielaw.org vc.hotjar.io adservice.google.com ds.reson8.com cdn.resonate.com *.snapchat.com *.googleadservices.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com t.co www.lowi.es *.googleapis.com ikaue-xpa-gateway-79cv1gog.wm.gateway.dev st-eu.dynamicyield.com www.google.com.co region1.google-analytics.com *.tiktok.com cdn.cookielaw.org *.ads-twitter.com analytics.google.com bat.bing.com statics.lowi.es region1.analytics.google.com livechat-static-vf-es.brandembassy.com www.google.es www.google.co.ve *.demdex.net cdn-eu.dynamicyield.com bp.lowi.es api.ipify.org www.google.com.mx *.gstatic.com metrics.hotjar.io statics.pro.env.lowi.es *.facebook.com cdn.co-buying.com *.doubleclick.net *.hotjar.com www.google.com.pe statics.des.lowi.es s3-eu-west-1.amazonaws.com *.onetrust.com www.google-analytics.com www.googletagmanager.com *.amazon-adsystem.com track.adform.net *.facebook.net t.womtp.com analytics.pangle-ads.com channels-assets-vf-es-prepro.brandembassy.com server.seadform.net vc.hotjar.io www.google.co.ma *.r.appspot.com *.twitter.com adservice.google.com content.hotjar.io www.google.ie ws.walmeric.com *.adform.net www.confianzaonline.es async-px-eu.dynamicyield.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com.br *.pinterest.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.pagar.me *.pinterest.com *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io https://shopline.itau.com.br 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.hotjar.com *.doubleclick.net *.google.com.br *.facebook.com *.pagar.me *.pinterest.com *.google.com *.netsgroup.com *.sibs.pt *.seglan.com *.secureacs.com *.rsa3dsauth.com *.apata.io *.cardinalcommerce.com *.santander.com.br *.bradesco.com.br *.bradesco *.stone.com.br *.nubank.com.br *.itau.com.br *.bb.com.br *.caixa.gov.br *.inter.co *.bancointer.com.br *.c6bank.com.br *.bancobmg.com.br *.safra.com.br *.sicoob.com.br *.banrisul.com.br *.banrisul.b.br *.banorte.com *.xpi.com.br *.btgpactual.com *.btgpactualdigital.com *.mercadopago.com.br *.mercadopago.com *.picpay.com *.amedigital.com *.neon.tech *.neon.com.br *.wise.com *.revolut.com *.sandbox.3dsecure.io *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.essentia.com.br *.noorskin.com.br *.essentialnutrition.com.br *.google.com *.google.com.br *.facebook.net *.facebook.com *.googletagmanager.com *.cloudfront.net *.clearsale.com.br *.pagar.me *.doubleclick.net *.pinterest.com *.siteblindado.com *.essentialnutrition.com.br/conteudos https://essentialnutrition-upload-files.s3.amazonaws.com cdn.mundipagg.com api.pagar.me ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.google.com.br *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.clearsale.com.br *.pushpushgo.com *.facebook.net *.facebook.com *.app-us1.com *.doubleclick.net *.hotjar.com *.pagar.me https://trackcmp.net *.pinimg.com *.goadopt.io https://essentiagroup.activehosted.com https://code.jquery.com https://essentialnutrition.com.br http://viacep.com.br https://static.zdassets.com 3ds2.pagar.me 3ds2-sdx.pagar.me *.avada.io *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.cloudfront.net *.pinterest.com *.essentiagroup.activehosted.com https://unpkg.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.com.br *.doubleclick.net *.hotjar.com *.hotjar.io *.youtube.com *.pagar.me wss://ws31.hotjar.com/api/v2/client/ws wss://ws24.hotjar.com/api/v2/client/ws *.goadopt.io *.pinterest.com *.siteblindado.com wss://wsp21.hotjar.com https://essentialnutrition.com.br/conteudos/wp-json/ http://viacep.com.br *.nutrition.test https://ekr.zdassets.com api.mundipagg.com api.pagar.me https://get.geojs.io *.avada.io http://api.itaushopline.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-d23h6CZgnuE7geuaiEAX5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' affil.eshop-rychle.cz exponea-api.eshop-rychle.cz www.youtube.com www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com; img-src 'self' www.facebook.com www.google.com www.google.cz *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net c.seznam.cz www.seznam.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' affil.eshop-rychle.cz connect.facebook.net www.google.com *.google-analytics.com *.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com c.imedia.cz www.seznam.cz exponea-api.eshop-rychle.cz cdn.cookie-script.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1 object-src 'none';base-uri 'self';script-src 'nonce-1dtALUIo-Xom24mUOtEc1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self'; form-action 'self' https://boatsonline.yachthub.com https://www.facebook.com; report-uri https://www.boatsonline.com.au/ajax/csp-report.php; 1 font-src fonts.gstatic.com fonts.googleapis.com *.checkout.vficloud.net *.vficloud.net *.amazonaws.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sfdcstatic.com *.script.hotjar.com 'self' data: *.cloudfront.net use.fontawesome.com *.bootstrapcdn.com https://script.hotjar.com *.klevu.com *.ksearchnet.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com www.facebook.com *.swellrewards.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.checkout.vficloud.net *.vficloud.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.checkout.vficloud.net *.vficloud.net *.weltpixel.com *.twitter.com *.google.com https://service.force.com/ https://vars.hotjar.com/ https://www.chasepaymentechhostedpay-var.com/ https://www.chasepaymentechhostedpay.com/ https://directory.scouting.org/ http://directory.scouting.org/ www.facebook.com googleads.g.doubleclick.net *.braintreegateway.com/ *.kaptcha.com/ *.paypal.com/ www.youtube.com media.boyslife.org *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.lightemporium.com *.yotpo.com *.mediafiles.scoutshop.org *.ytimg.com *.widgets.magentocommerce.com https://mediafiles.scoutshop.org/ https://www.facebook.com *.google.com *.scoutshop.org *.google.co.in *.googletagmanager.com 89086.global.siteimproveanalytics.io script.hotjar.com *.clarity.ms *.cloudfront.net *.swellrewards.com *.amazonaws.com https://forms.smsbump.com *.google.lv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.my.salesforce.com *.lightning.force.com *.secure.force.com *.checkout.vficloud.net *.vficloud.net static.klaviyo.com static-tracking.klaviyo.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.service.force.com *.cdn.nextopia.net *.nextopiasoftware.com *.salesforceliveagent.com *.code.jquery.com https://service.force.com http://code.jquery.com/jquery-migrate-1.4.1.min.js https://cdn.nextopia.net/nxt-app/fca482e10d6c3e13d7748571d09f15d2.js *.googletagmanager.com https://stats.g.doubleclick.net/ *.gtm.js *.googleoptimize.com *.newrelic.com/ siteimproveanalytics.com *.paypal.com/ script.crazyegg.com *.clarity.ms *.ecomm-nav.com *.hotjar.io *.hotjar.com bam-cell.nr-data.net *.nr-data.net *.facebook.net *.swellrewards.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.kaptcha.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.secure.force.com *.klaviyo.com *.cloudflare.com *.googleapis.com *.google.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://service.force.com *.nextopia.net *.swellrewards.com *.bootstrapcdn.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.mediafiles.scoutshop.org https://mediafiles.scoutshop.org/Media/video_scouttalk_sbsa_1920x1080.mp4 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.secure.force.com *.checkout.vficloud.net *.vficloud.net *.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.socialannex.com *.analytics.js *.google-analytics.com *.stats.g.doubleclick.net https://stats.g.doubleclick.net https://script.hotjar.com/modules.901d255c60be478c0407.js https://fast.a.klaviyo.com *.klaviyo.com wss://ws20.hotjar.com *.braintree-api.com *.braintreegateway.com/ *.crazyegg.com *.clarity.ms *.hotjar.io *.hotjar.com *.facebook.com wss: *.swellrewards.com https://metrics.scoutshop.org https://retailpp.scoutshop.org widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-0bc1fccc48ff434a9e42abfc0ff418ad' https://www.mylghealth.org/mychart 'self';img-src https://* 'self' blob: data:;style-src https://www.mylghealth.org/mychart 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 worker-src blob:; font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.hotjar.com *.reviews.io 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com *.ometria.com 'self' https: 'self' 'unsafe-inline'; frame-ancestors *.widget.reviews.co.uk https://widget.reviews.co.uk *.reviews.co.uk https://www.pingdom.com http://www.pingdom.com https://www.reviews.io https://www.reviews.co.uk *.pingdom.com *.wed2b.co.uk *.doubleclick.net *.ladesk.com *.fls.doubleclick.net 'self' https: 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://secure5.arcot.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://widget.reviews.co.uk *.twitter.com *.hotjar.com *.fls.doubleclick.net *.ladesk.com *.typeform.com *.facebook.com *.reviews.co.uk *.braintreegateway.com https://a.pgtb.me https://tpc.googlesyndication.com/ *.pinterest.com *.google.com https://checkoutshopper-live.adyen.com *.adyen.com https://secure4.arcot.com/ *.arcot.com https://3ds-secure.cardcomplete.com/ https://ecclients.btrl.ro/ http://bofp.erstebank.hu/ http://www.clicksafe.lloydstsb.com/ https://pay.activa-card.com/ https://3dsecure-1.wirecard.com/ https://3dsecure-2.wirecard.com/ https://acssv.otpbank.hu/ https://acs.sia.eu/ https://idcheck.acs.touchtechpayments.com/ https://sicher-bezahlen.sparkasse.at/ https://www.securesuite.co.uk/ http://bred.wlp-acs.com/ http://bnpp-3ds.wlp-acs.com/ https://www.youtube.com/ *.cookiebot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.google.co.uk *.google.com *.facebook.com *.g.doubleclick.net *.pinterest.com *.maps.gstatic.com *.googleapis.com https://trk.ometria.com/ *.adalyser.com *.postcodeanywhere.co.uk *.googletagmanager.com https://c.contentsquare.net https://l.contentsquare.net *.reviews.io *.fls.doubleclick.net *.google.cz *.google.be *.google.nl *.google.de *.google.fr *.google.es *.google.gr *.reviews.co.uk *.instagram.com *.google.com.sg *.google.co.id 'self' https: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.hotjar.com *.adnxs.com *.facebook.net *.ladesk.com *.adalyser.com *.g.doubleclick.net *.hotjar.io *.pinterest.com *.reviews.co.uk *.maps.googleapis.com https://maps.googleapis.com http://cdn.ometria.com https://cdn.ometria.com https://cdn.polyfill.io/ *.google.com *.pcapredict.com *.postcodeanywhere.co.uk *.ccdc02.com https://cdn.noibu.com/collect.js https://t.contentsquare.net https://d1m2uzvk8r2fcn.cloudfront.net/ https://d2xcq4qphg1ge9.cloudfront.net/ https://tpc.googlesyndication.com/ *.tiktok.com *.pinimg.com https://form.jotform.com https://tags.srv.stackadapt.com *.cookiebot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.postcodeanywhere.co.uk *.reviews.io data: *.jotfor.ms/ *.stackadapt.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.wed2b.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.hotjar.com *.hotjar.io *.reviews.co.uk https://widget.reviews.co.uk https://www.pingdom.com https://api.reviews.co.uk *.google-analytics.com https://stats.g.doubleclick.net http://www.googletagmanager.com/ *.facebook.com *.braintree-api.com *.braintreegateway.com *.postcodeanywhere.co.uk *.cdn.noibu.com *.input.noibu.com/ wss://input.noibu.com/ https://input.noibu.com/pv https://input.noibu.com/metrics *.contentsquare.net/ https://api.reviews.io *.google.com *.instagram.com *.googleapis.com *.tiktok.com *.pinterest.com 'self' https: https://www.google-analytics.com 'self' 'unsafe-inline'; child-src blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.wed2b.com/csp-violations.php; report-to report-endpoint; 1 default-src 'none'; script-src 'unsafe-eval' 'self' 'unsafe-inline' 'sha256-Pe5Y4eCVWENJ4/Dqtek4RNDRdkI7SBJ/Mz9iTDLwjiA=' *.usercentrics.eu/ *.usercentrics.com/ https://maps.googleapis.com https://app.usercentrics.eu https://js.hsforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://js.hs-scripts.com https://apps.elfsight.com https://static.elfsight.com https://forms.hsforms.com/ https://static.businessbike.de/; script-src-elem 'self' 'unsafe-inline' secure.adnxs.com/ *.facebook.net/ *.ads-twitter.com/ *.youtube.com/ *.gstatic.com/ *.google-analytics.com/ *.google.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ *.linkedin.com/ *.clarity.ms https://a.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://bat.bing.com/ 'sha256-4Fgc+rmY2CWIS/Iu4eOBLSwEVHSJHQwRQA8QsAcoaMA=' 'sha256-QoPdnbMd1dyknqCfvI971xGxlajhOMS54r7tclyRsNk=' 'sha256-UMWfmReBIoR8be6oLQoUUzfsjUbjHmPU5X5Oa2xB2bw=' 'sha256-rTWylbtfP2tlUZy1UTVC+e8VaJ8myvtf3jfO6kzET6I=' 'sha256-Pe5Y4eCVWENJ4/Dqtek4RNDRdkI7SBJ/Mz9iTDLwjiA=' 'sha256-rs6KClOKD5uekeoTJFtkA1CY/JzoQHftoDxKSxUfinM=' https://www.googletagmanager.com blob: https://forms.hsforms.com/ https://js.hsforms.net/ https://js.hs-scripts.com/ https://apps.elfsight.com/ https://app.usercentrics.eu/ https://static.businessbike.de/ https://js.hs-analytics.net/ https://js.usemessages.com/ https://js.hs-banner.com/ https://static.elfsight.com/ https://maps.googleapis.com/ https://maps.googleapis.com/maps/api/mapsjs/ 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-LPE1FjPoSbFVAFRURZZRaYmFd2oy1AXZ0z0OVQ6bI6k='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; img-src 'self' https://* *.google.com/ *.google.de/ *.google-analytics.com/ *.hsforms.com/ *.usercentrics.eu/ *.usercentrics.com/ *.businessbike.de/ *.bing.com/ *.linkedin.com/ *.clarity.ms/ https://c.bing.com/ https://px.ads.linkedin.com/ https://c.clarity.ms/ https://bat.bing.com/ www.googletagmanager.com https://static.businessbike.de/ https://app.usercentrics.eu https://track.hubspot.com https://images.ctfassets.net https://i.ytimg.com https://maps.gstatic.com/ https://maps.googleapis.com/maps/ data:; font-src 'self' https://fonts.gstatic.com/ data:; connect-src 'self' cdn.linkedin.oribi.io/ *.doubleclick.net/ *.google-analytics.com/ *.usercentrics.eu/ *.clarity.ms/ *.hsforms.com/ https://api.hubspot.com https://apps.elfsight.com https://service-reviews-ultimate.elfsight.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://maps.googleapis.com/ https://portal.businessbike.de/ https://api.usercentrics.eu; media-src 'self' https://videos.ctfassets.net; object-src 'none'; frame-src 'self' *.facebook.com/ *.google.com/ *.usercentrics.eu/ *.usercentrics.com/ *.hsforms.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; 1 report-uri https://cchome.adobe.io/csp/v1/collect?api_key=CCHomeWeb1; connect-src 'self' * data: *.onetrust.com blob: data:; img-src * data: blob: about:; frame-src *; media-src *; default-src https: blob:; style-src 'self' * data: 'unsafe-inline' 'unsafe-eval' *.adobeccstatic.com *.adobe.com *.clicktale.com about: blob:; script-src 'self' * data: 'unsafe-inline' 'unsafe-eval' *.adobedtm.com *.adobelogin.com *.adobeprojectm.com *.newrelic.com *.nr-data.net *.adobeccstatic.com *.typekit.com *.adobe.com adobe.com *.uservoice.com *.typekit.net *.evidon.com *.demandbase.com *.ccmui.adobe.com *.clicktale.net *.clicktale.com *.everestjs.net *.everesttech.net tags.srv.stackadapt.com *.onetrust.com *.cookielaw.org *.vimeo.com *.youtube.com *.ytimg.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js *.bing.com *.ads-twitter.com *.twitter.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tiktok.com about: blob:; font-src data: *.typekit.net *; frame-ancestors 'self' file://* *.instructure.com *.blackboard.com *.adobe.com zeonchatclient-va6.cloud.adobe.io 1 object-src 'none'; script-src 'self' https://analytics.clickdimensions.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.woodpeck.com fonts.gstatic.com cdn.materialdesignicons.com mediacdn.espssl.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com vars.hotjar.com www.paypalobjects.com *.g.doubleclick.net *.vimeo.com www.youtube-nocookie.com *.listrak.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.facebook.com flagpedia.net https://redchamps.com maps.gstatic.com *.woodpeck.com *.bm23.com *.g.doubleclick.net www.google.ae www.google.am www.google.com.ar www.google.at www.google.com.au www.google.az www.google.be www.google.com.bh www.google.com.br www.google.com.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.com.co www.google.co.cr www.google.com.cy www.google.cz www.google.de www.google.dk www.google.com.do www.google.ee www.google.es www.google.fi www.google.fr www.google.gy www.google.com.hk www.google.hr www.google.hu www.google.gr www.google.co.id www.google.ie www.google.co.il www.google.co.in www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.com.lb www.google.lk www.google.lu www.google.lv www.google.co.kr www.google.com.kw www.google.kz www.google.mk www.google.mn www.google.mw www.google.com.mx www.google.com.my www.google.com.ng www.google.nl www.google.no www.google.co.nz www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.pl www.google.com.pr www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.com.sa www.google.se www.google.com.sg www.google.si www.google.sk www.google.com.sv www.google.co.th www.google.com.tr www.google.com.tw www.google.com.ua www.google.co.uk www.google.com.uy www.google.co.za translate.google.com www.facebook.com mediacdn.espssl.com *.listrakbi.com code.jquery.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com *.facebook.net *.avada.io maps.googleapis.com *.woodpeck.com *.hotjar.com *.g.doubleclick.net browser-update.org www.google.com *.algolia.net *.algolianet.com connect.facebook.net *.listrak.com *.listrakbi.com code.jquery.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.woodpeck.com *.googleapis.com translate.google.com cdn.materialdesignicons.com secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io *.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.woodpeck.com *.hotjar.com *.hotjar.io secure.windriverfinancialgateway.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://woodpeck.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self' https://*.clarity.ms; form-action 'self'; frame-ancestors 'none'; frame-src *.youtube.com secure.luton.gov.uk assets.nhs.uk https://*.one.network https://www.googletagmanager.com *.hotjar.com *.hotjar.io; font-src 'self' data: fonts.gstatic.com *.hotjar.com *.hotjar.io www.googletagmanager.com emea3.recruitmentplatform.com; img-src 'self' data: www.luton.gov.uk secure.luton.gov.uk www.googletagmanager.com www.cqc.org.uk www.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io https://*.clarity.ms https://c.bing.com https://translate.google.com emea3.recruitmentplatform.com https://static.lumessetalentlink.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cc.cdn.civiccomputing.com code.jquery.com portal.v7.roadworks.org www.googletagmanager.com www.google-analytics.com www.cqc.org.uk *.hotjar.com *.hotjar.io https://*.clarity.ms https://c.bing.com https://connect.facebook.net emea3.recruitmentplatform.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com www.cqc.org.uk emea3.recruitmentplatform.com; connect-src 'self' apikeys.civiccomputing.com *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.clarity.ms emea3.recruitmentplatform.com *.tb.lumesse.com; object-src 'none'; report-uri https://349104827b8b658b4e1be80ecb2de25d.report-uri.com/r/d/csp/reportOnly 1 default-src *; img-src https:; frame-src 'none' 1 object-src 'none';base-uri 'self';script-src 'nonce-Mr7j_AtzC0goVcLqIDyB4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 worker-src blob:; sandbox *.425.degree *.425degree.com 425degree.com www.425degree.com https://www.facebook.com *.facebook.com *.facebook.net *.tiktok.com; font-src *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action https://www.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.doubleclick.net *.infogram.com *.facebook.com *.googleadservices.com *.googlesyndication.com https://www.google.co.th *.kasikornbank.com *.googletagmanager.com *.pinterest.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com 'self' 'unsafe-inline'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.cloudflare.com https://cdn.klarna.com *.425degree.com *.425.degree https://www.trustmarkthai.com/ https://t.co https://www.google.co.th *.doubleclick.net *.facebook.com *.pinterest.com https://www.googletagmanager.com/ *.googleadservices.com *.paypal.com *.vimeocdn.com https://s.ytimg.com *.usercentrics.eu *.clarity.ms www.clarity.ms *.bing.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com https://www.trustmarkthai.com/ https://chimpstatic.com/ *.twitter.com *.ads-twitter.com *.425.degree *.425degree.com https://googleads.g.doubleclick.net *.infogram.com *.facebook.com *.newrelic.com *.nr-data.net *.pinimg.com www.google-analytics.com *.googlesyndication.com *.trustedshops.com *.usercentrics.eu *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com www.googleadservices.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.kasikornbank.com www.facebook.com graph.facebook.com business.facebook.com twitter.com https://accounts.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.425degree.com *.fontawesome.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.425.degree *.425degree.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.cloudflare.com *.pinterest.com *.paypal.com *.tiktok.com *.fullstory.com *.clarity.ms www.clarity.ms *.bing.com https://www.trustmarkthai.com/ https://t.co *.425.degree *.nr-data.net www.facebook.com www.google-analytics.com *.doubleclick.net www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com connect.facebook.net graph.facebook.com business.facebook.com https://accounts.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-XRQ02AaBqKvlpBDnL0djUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' data: *.hotjar.com *.hotjar.io *.googleusercontent.com *.appdynamics.com *.tiktok.com *.cloud.google.com *.fontawesome.com https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com *.contentsquare.net *.cloudflarestream.com *.gstatic.com *.jsdelivr.net https://www.clarity.ms https://c.bing.com https://*.clarity.ms; img-src 'self' data: https: *.googletagmanager.com https://*.fullstory.com *.sleeknote.com *.cloudflarestream.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://flagcdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' optimize.google.com http://*.webtrends-optimize.com https://*.webtrends-optimize.com fonts.googleapis.com *.golfbreaks.com *.sleeknote.com *.feefo.com *.fontawesome.com *.jsdelivr.net; script-src 'self' 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.webtrends-optimize.workers.dev https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com https://api.feefo.com http://register.feefo.com wss://lc.golfbreaks.com wss://alpha-lc.golfbreaks.com optimize.google.com plausible.golfbreaks.com *.appdynamics.com *.tiktok.com *.pw.adn.cloud *.tealiumiq.com plausible.io *.trustpilot.com *.fontawesome.com *.sleeknote.com *.contentsquare.net *.newrelic.com *.contentstack.com https://*.fullstory.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.videodelivery.net *.googleadservices.com *.quantummetric.com *.analytics.yahoo.com *.googletagmanager.com *.salesforceliveagent.com *.facebook.net *.jsdelivr.net *.bing.com http://*.hotjar.com https://*.hotjar.com http://*.webtrends-optimize.com https://*.webtrends-optimize.com http://*.hotjar.io https://*.hotjar.io *.tiqcdn.com https://visitor-service-eu-central-1.tealiumiq.com *.yimg.com *.golfbreaks.com bam.eu01.nr-data.net google.com polyfill.io https://c.bing.com https://*.clarity.ms https://unpkg.com/date-time-format-timezone@latest/build/browserified/date-time-format-timezone-complete-min.js https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; connect-src 'self' *.feefo.com *.bing.com *.pw.adn.cloud plausible.golfbreaks.com https://region1.analytics.google.com https://www.google.com/pagead/landing https://www.google.com/pagead/landing* *.eum-appdynamics.com *.cloudflarestream.com *.tiktok.com https://lc.golfbreaks.com https://alpha-lc.golfbreaks.com wss://lc.golfbreaks.com wss://alpha-lc.golfbreaks.com *.cloudflare.com data: cloudflare.com plausible.io *.tealiumiq.com https://collect.golfbreaks.com https://*.fullstory.com *.quantummetric.com https://google.com/pagead/form-data/1063337128 https://google.com/ccm/form-data/1063337128 https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css https://fonts.googleapis.com/css https://fonts.googleapis.com/css* http://*.webtrends-optimize.com https://*.webtrends-optimize.com *.sleeknote.com *.google-analytics.com *.googleusercontent.com *.salesforceliveagent.com images.contentstack.io *.contentsquare.net *.yimg.com *.facebook.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/* http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.fontawesome.com *.doubleclick.net accounts.google.com sentry.io videodelivery.net bam.eu01.nr-data.net https://*.clarity.ms https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; font-src 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.fontawesome.com *.jsdelivr.net *.gstatic.com; frame-src 'self' *.doubleclick.net *.autoeurope.com *.trustpilot.com *.doubleclick.net *.cloudflarestream.com *.wufoo.com *.sleeknote.com optimize.google.com *.videodelivery.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.facebook.com *.tealiumiq.com *.centinelapistag.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/socket.io/3.0.4/socket.io.min.js; child-src 'self' blob: *; media-src 'self' blob: *.google.com https://storage.googleapis.com/golfbreaks_public/ videodelivery.net *.googleusercontent.com *.cloudflarestream.com; form-action 'self' golfbreaks.secure.force.com *.facebook.com *.tealiumiq.com *.cs110.force.com *.salesforceliveagent.com; frame-ancestors 'self'; object-src 'self'; report-uri https://o246236.ingest.sentry.io/api/1470514/security/?sentry_key=aaa779434b65427fa3608b8938255828 1 font-src *.gstatic.com data: *.googleapis.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://cdnjs.cloudflare.com applepay.cdn-apple.com *.survicate.com https://github.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.monetico-services.com api.payplug.com secure.payplug.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cdninstagram.com *.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ survey.survicate.com sdk.privacy-center.org cdn.mouseflow.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.survicate.com *.typekit.net *.klaviyo.com *.clarity.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.monetico-services.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://o2.mouseflow.com *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.sagepay.com use.typekit.net sagepay.com *.fontawesome.com *.global-e.com *.trustpilot.com *.bglobale.com *.postcodeanywhere.co.uk *.vimeocdn.com *.amazonaws.com *.appspot.com *.inov-8.com *.klarnaservices.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.facebook.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.hotjar.com *.hotjar.io *.typekit.net *.global-e.com *.trustpilot.com *.bglobale.com *.postcodeanywhere.co.uk *.vimeocdn.com *.amazonaws.com *.appspot.com *.inov-8.com *.criteo.com *.paypalobjects.com *.tend.io *.klarnaservices.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.inov-8.com *.media.net *.teads.ty *.tremorhub.com *.dmxleo.com *.bluekai.com *.google.co.uk p.typekit.net *.cloudfront.net *.googleadservices.com *.google-analytics.com *.magentocommerce.com *.paypalobjects.com *.global-e.com *.trustpilot.com *.bglobale.com *.postcodeanywhere.co.uk *.amazonaws.com *.appspot.com *.simpli.fi *.criteo.com *.adnxs.com *.yahoo.com *.advertising.com *.yieldmo.com *.taboola.com *.bidswitch.net *.microad.jp *.stickyadstv.com *.rubiconproject.com *.mediavine.com *.bing.com *.omnitagjs.com *.mgid.com *.casalemedia.com *.openx.net *.tapad.com *.teads.tv *.outbrain.com *.dable.io *.3lift.com *.addthis.com *.smartadserver.com *.ad-stir.com *.smaato.net *.360yield.com *.pubmatic.com *.adtdp.com *.sharethrough.com *.revcontent.com *.meba.kr *.liadm.com *.rlcdn.com id5-sync.com *.postrelease.com *.turn.com *.thebrighttag.com *.nr-data.net *.klarnaservices.com *.klarna.com *.klarnacdn.net *.clmbtech.com *.krxd.net *.agkn.com *.mediawallahscript.com *.emxdgt.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net https://maps.gstatic.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.nr-data.net *.pcapredict.com *.flixfacts.com *.loadbee.com *.isitetv.com use.typekit.net *.reevoo.com *.postcodeanywhere.co.uk *.hotjar.com *.fontawesome.com *.chimpstatic.com *.paypal.com *.cardinalcommerce.com *.braintreegateway.com *.yotpo.com *.global-e.com *.trustpilot.com *.bglobale.com *.amazonaws.com *.appspot.com *.inov-8.com *.tend.io *.criteo.com *.criteo.net *.dwin.1 *.dwin1.com *.dwin.com *.newrelic.com *.jsdelivr.net *.klarnaservices.com *.haircubed.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.avada.io https://maps.googleapis.com maps.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.pcapredict.com *.flixfacts.com *.loadbee.com *.isitetv.com *.typekit.net *.global-e.com *.trustpilot.com *.bglobale.com *.postcodeanywhere.co.uk *.vimeocdn.com *.amazonaws.com *.appspot.com 'self' data: *.inov-8.com *.klarnaservices.com *.klarna.com *.klarnacdn.net *.jsdelivr.net *.system.gnatta.com gnattawatchtower.blob.core.windows.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.s3.eu-west-2.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.paypal.com *.sagepay.com wss://ws3.hotjar.com/ *.hotjar.com *.reevoo.com *.global-e.com *.trustpilot.com *.bglobale.com *.postcodeanywhere.co.uk *.vimeocdn.com *.amazonaws.com *.appspot.com *.inov-8.com *.tend.io tend.io *.hotjar.io *.doubleclick.net *.nr-data.net *.klarnaservices.com *.system.gnatta.com gnattawatchtower.blob.core.windows.net https://get.geojs.io *.avada.io https://maps.googleapis.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self';child-src 'none';connect-src 'self' https://*.polymarket.com wss://*.polymarket.com https://clob.polymarket.com wss://clob.polymarket.com https://*.walletconnect.com wss://*.walletconnect.com wss://*.walletconnect.org https://*.amplitude.com https://*.alchemy.com https://*.alchemyapi.io https://*.socket.tech https://api.goldsky.com https://api.goldsky.io https://assets.vercel.com https://vercel.live https://vercel.com https://vitals.vercel-insights.com https://auth.magic.link https://*.magic.link https://*.intercom.io wss://*.intercom.io https://polymarket-upload.s3.us-east-2.amazonaws.com https://*.polymarket.io https://*.coinbase.com https://va.vercel-scripts.com https://*.vercel-scripts.com https://va.vercel-scripts.com/v1/script.debug.js wss://ws.hotjar.com https://metrics.hotjar.io https://content.hotjar.io https://api.iconify.design https://*.google-analytics.com https://js.intercomcdn.com https://api-iam.intercom.io https://*.hotjar.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.redditstatic.com https://*.reddit.com wss://*.pusher.com https://*.pusher.com https://polygon-rpc.com https://api.simplesvg.com/bx.json https://ib.adnxs.com https://d.adroll.com https://s.adroll.com https://acdn.adnxs.com https://api.unisvg.com wss://relay.walletconnect.org https://browser-intake-datadoghq.eu;default-src 'self';font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.intercomcdn.com https://vercel.live;form-action 'self';frame-ancestors 'self' https://auth.magic.link https://vercel.live;frame-src 'self' https://*.walletconnect.com https://*.walletconnect.org https://*.magic.link https://global.transak.com https://vercel.live;img-src 'self' data: https://polymarket-upload.s3.us-east-2.amazonaws.com https://assets.vercel.com https://*.walletconnect.com https://alb.reddit.com https://ib.adnxs.com https://www.facebook.com https://vercel.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' https://*.intercom.io https://*.hotjar.com https://*.googletagmanager.com www.googletagmanager.com https://js.intercomcdn.com https://www.redditstatic.com https://acdn.adnxs.com https://connect.facebook.net https://s.adroll.com https://d.adroll.com https://static.hotjar.com https://widget.intercom.io https://va.vercel-scripts.com https://vercel.live https://*.magic.link;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;script-src-elem 'self' https://*.intercom.io https://*.hotjar.com https://*.googletagmanager.com www.googletagmanager.com https://js.intercomcdn.com https://www.redditstatic.com https://acdn.adnxs.com https://connect.facebook.net https://s.adroll.com https://d.adroll.com https://static.hotjar.com https://widget.intercom.io https://va.vercel-scripts.com https://vercel.live https://*.magic.link 'sha256-FZPlDlMTeqDORmlYE10RC9clHRS4T0hmr3qmUImTEgM=' 'sha256-LpaSOWbberseWm9imoaC+ysCWgKfj1BqQTvkK+3f49U=' 'sha256-VeMw0YWTQ3B/16lvulSWfWmvFDJ6h/Dh0ZlaDcC6Xsg=' 'sha256-v0BM73yv/5GaSIfLVBRC5helX8lhanqdp82VUN86fqY=' 'sha256-HmKQJyc9Oo37hDkYVR0w9K4eR1aaxe18l9d9v+MsRGM=';style-src-elem 'self' 'unsafe-inline' https://vercel.live;upgrade-insecure-requests true;report-to https://polymarket.uriports.com/reports/report;report-uri https://polymarket.uriports.com/reports/report; 1 font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.versapay.com *.paynup.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.versapay.com *.paynup.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.twitter.com *.paynup.com *.versapay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.amazonaws.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.versapay.com *.paynup.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.ads-twitter.com *.pinimg.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com *.datadoghq.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.versapay.com *.paynup.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.pinterest.com *.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.versapay.com *.paynup.com *.datadoghq.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/magento_os/; report-to report-endpoint; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-QLJfwTOBvLO0ywvEBOM5fIiPkpMcJKgAMw2PrA1ihUs='; base-uri 'self';report-to csp-endpoint 1 script-src 'self' cdn.jsdelivr.net https://cdn.jsdelivr.net; script-src-attr 'self'; script-src-elem 'self' https://siteimproveanalytics.com https://js-agent.newrelic.com https://bam.nr-data.net cdn.jsdelivr.net https://cdn.jsdelivr.net; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.check24.net/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1 script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=h3Y5BefFwvIDQcx9QnRmbjaNjDwCmF0CbA.QNhT9SLI-1711588204-1.0.1.1-JzvYYAsi1IVg98.t6Hj6DL6ot2QIp9PiRaAxbfJ81AhvmImDOnbyiQun._8BJSF0z757KlgToedBS3v7bYMMnHLN8DoXuAwDdOmidU.5jSxOMuzrfIsStT3YALRq8PS71KIkF2.exRY0So2zcokMVuFI.L9rY0sMzufnPrRFZQo; report-to cf-csp-endpoint 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=show&source%5Bapp%5D=ShopifyAppStore&source%5Bcontroller%5D=merchant%2Fapp_details&source%5Buuid%5D=ec87705d-3651-4343-b0b6-e156b14eee72-1711588315 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: myhealthrecord.com cdn.pendo.io *.googleapis.com www.google.com cdn.honey.io api.myhealthrecord.com js-agent.newrelic.com bam.nr-data.net myhealthrecord.com:9999 data.pendo.io *.gstatic.com code.jquery.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors 'none'; default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' static.sprintdatacenter.pl rapiddc.pl; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; form-action 'self'; 1 default-src 'self'; style-src 'self'; script-src 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-82Fa7_lcdeLdgLN5JJRNQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/ *.fonts.googleapis.com *.fonts.gstatic.com https://cdn.livechatinc.com *.usablenet.com *.usgoldbureau.com *.yotpo.com data: https://cdn.jsdelivr.net/npm/ *.udev1a.net https://fonts.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.portfolio-tracker-live.appspot.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.newrelic.com *.paypal.com *.paypalobjects.com *.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.yotpo.com *.youtube.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://cdn.jsdelivr.net/npm/ *.nr-data.net *.online-metrix.net *.udev1a.net *.insight.adsrvr.org *.match.adsrvr.org https://pym.nprapps.org 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com https://portfolio-tracker-dev.appspot.com *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.newrelic.com *.paypal.com *.paypalobjects.com *.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.yotpo.com *.ytimg.com *.insight.adsrvr.org *.match.adsrvr.org *.criteo.net *.doubleclick.net *.facebook.net https://pym.nprapps.org https://cdn.jsdelivr.net/npm/ *.nr-data.net *.online-metrix.net *.udev1a.net https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com https://*.gstatic.com https://ad.360yield.com https://eb2.3lift.com https://e.dlx.addthis.com https://ib.adnxs.com https://secure.adnxs.com https://aa.agkn.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com *.bing.com https://tags.bluekai.com *.bulliongoldprices.com https://r.casalemedia.com https://ade.clmbtech.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com https://login.dotomi.com https://e1.emxdgt.com *.facebook.com *.fiztrade.com *.ggpht.com https://www.google.com/ads/ga-audiences https://www.google.com/pagead/1p-conversion/1037092911/ https://www.google.com/pagead/1p-conversion/961433705/ https://www.google.com/pagead/1p-user-list/1037092911/ https://www.google.com/pagead/1p-user-list/961433705/ *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com https://*.hsforms.com https://track.hubspot.com https://matching.ivitrack.com https://*.liadm.com *.livechatinc.com https://exchange.mediavine.com https://partner.mediawallahscript.com *.newrelic.com https://visitor.omnitagjs.com https://sync.outbrain.com *.paypal.com *.paypalobjects.com https://pippio.com https://jadserve.postrelease.com https://simage2.pubmatic.com https://trends.revcontent.com *.riskified.com https://idsync.rlcdn.com https://pixel.rubiconproject.com *.securetrust.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://tg.socdm.com https://ads.stickyadstv.com https://sync-t1.taboola.com https://pixel.tapad.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com https://ups.analytics.yahoo.com https://sync-criteo.ads.yieldmo.com *.yotpo.com *.ytimg.com https://www.google.de https://ad.tpmn.co.kr https://x.bidswitch.net *.d9hhrg4mnvzow.cloudfront.net *.criteo.net *.demdex.net *.doubleclick.net *.facebook.net https://cdn.jsdelivr.net/npm/ https://contextual.media.net *.nr-data.net *.online-metrix.net https://s.ad.smaato.net *.udev1a.net *.insight.adsrvr.org https://insight.adsrvr.org/track/evnt/ *.match.adsrvr.org https://match.adsrvr.org/track/cmb/generic https://match.adsrvr.org/track/cmf/generic https://criteo-sync.teads.tv https://*.google.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.gstatic.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com https://imgs.cdn-btsg.com *.fiztrade.com *.facebook.com *.ggpht.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com https://js.hs-banner.com https://js.hs-scripts.com https://solutions.invocacdn.com *.kaptcha.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.riskified.com https://beacon.riskified.com https://c.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com *.yotpo.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hsleadflows.net https://pnapi.invoca.net https://cdn.jsdelivr.net/npm/ *.online-metrix.net *.udev1a.net *.insight.adsrvr.org *.match.adsrvr.org https://pym.nprapps.org https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.portfolio-tracker-live.appspot.com *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.newrelic.com *.paypal.com *.paypalobjects.com *.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com *.yotpo.com *.youtube.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://cdn.jsdelivr.net/npm/ *.online-metrix.net *.nr-data.net *.udev1a.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.usablenet.com *.usgoldbureau.com *.youtube.com *.ytimg.com *.udev1a.net 'self' 'unsafe-inline'; manifest-src *.usgoldbureau.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.portfolio-tracker-live.appspot.com https://s3.amazonaws.com/media.usgoldbureau.com/ *.bing.com *.bulliongoldprices.com https://cdnjs.cloudflare.com/ajax/libs/ *.crazyegg.com *.criteo.com *.facebook.com *.fiztrade.com *.ggpht.com https://analytics.google.com https://www.google.com/js/th/9RqR_46y14lOLTgsoa1biLhp441rUfLtAxLiebZ8deA.js *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com https://*.hsforms.com https://api.hubapi.com https://forms.hubspot.com *.kaptcha.com *.livechatinc.com *.paypal.com *.paypalobjects.com *.riskified.com https://beacon.riskified.com https://c.riskified.com *.securetrust.com *.ubembed.com *.unbounce.com *.usablenet.com *.usgoldbureau.com *.yotpo.com *.youtube.com *.ytimg.com *.criteo.net *.doubleclick.net *.facebook.net https://forms.hscollectedforms.net https://cdn.jsdelivr.net/npm/ *.online-metrix.net https://com-usgoldbureau-dev1.mini.snplow.net/d620e/wc0 *.udev1a.net *.insight.adsrvr.org *.match.adsrvr.org https://pym.nprapps.org wss: https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com data: *.hotjar.com *.hotjar.io *.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com data: e.bmr.co *.fls.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io insight.adsrvr.org www.facebook.net www.facebook.com *.google.ca *.moneris.com *.issuu.com notifications.wisepops.com wisepops.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.trackedlink.net 'self' blob: data: www.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com maps.gstatic.com maps.googleapis.com www.bmr.ca *.hotjar.com *.hotjar.io *.cloudfront.net insight.adsrvr.org www.facebook.net www.facebook.com *.paypalobjects.com adserve.atedra.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net *.flippenterprise.net *.wishabi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com data: e.bmr.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.g.doubleclick.net *.googletagmanager.com ssl.google-analytics.com www.google.com maps.googleapis.com s.yimg.com *.hotjar.com *.hotjar.io *.cloudfront.net r2-t.trackedlink.net connect.facebook.net connect.facebook.com www.gstatic.com z.moatads.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net plausible.io *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com 'self' blob: https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com www.gstatic.com *.hotjar.com *.hotjar.io *.cloudfront.net *.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam.nr-data.net bam-cell.nr-data.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com *.hotjar.io s.yimg.com insights.algolia.io maps.googleapis.com www.facebook.com ct.pinterest.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net plausible.io *.flippenterprise.net *.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report.php; report-to report-endpoint; 1 font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net; img-src 'self' data: https://landia-logos.s3.amazonaws.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.cz https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://twemoji.maxcdn.com https://cdn.jsdelivr.net; frame-src 'self' https://platform.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.amplitude.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://widget.trustpilot.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net; default-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net https://region1.google-analytics.com https://region2.google-analytics.com https://region3.google-analytics.com https://www.facebook.com https://api.amplitude.com https://www.myreviews.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d1fxy698ilbz6u.cloudfront.net https://d3e26335nux8ic.cloudfront.net 1 object-src 'none';base-uri 'self';script-src 'nonce-6mDcSt1tpONiC5TqB_WVPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self' https://app.contentful.com; default-src 'self' gap: ws: 'unsafe-inline' 'unsafe-eval' data: api.country.is vercel.live vercel.app *.vercel.live *.vercel.app safevisit.online contentful.com *.contentful.com *.googleapis.com *.youtube.com *.youtube-nocookie.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.com.ph *.google.ca *.google.ie *.google.co.in *.facebook.com *.amazonaws.com *.cloudfront.net *.googletagservices.com pay.google.com *.s3.amazonaws.com google.com *.sitkagear.com js.narvar.com cdn.searchspring.net js.klarna.com manifest.webmanifest cdn.tailwindcss.com cdn.cookielaw.org api.yotpo.com cdn-widgetsrepository.yotpo.com *.yotpo.com *.searchspring.io *.bigcommerce.com *.locally.com *.ctfassets.net *.onetrust.com *.criteo.com *.avmws.com *.safevisit.online *.gtm-msr.appspot *.dynamic.criteo.com *.facebook.net *.klaviyo.com *.zdassets.com *.browser-intake-datadoghq *.vercel-insights.com *.csper.io klarnaservices.com *.klarnaservices.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.gstatic.com *.bing.com *.typekit.net *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.aralego.com criteo-sync.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.360yield.com *.rlcdn.com *.outbrain.com *.pubmatic.com *.smaato.net *.clmbtech.com *.yieldmo.com *.klarnacdn.net vercel.com assets.vercel.com *.experticity.com 10974823.collect.igodigital.com *.collect.igodigital.com *.bazaarvoice.com gore-rebrand-fonts.surge.sh viev-fonts.surge.sh googleads.g.doubleclick.net envoydev.co track.securedvisit.com bh.contextweb.com stats.g.doubleclick.net public-prod-dspcookiematching.dmxleo.com match.adsrvr.org trends.revcontent.com match.sharethrough.com tapestry.tapad.com criteo-partners.tremorhub.com ad.tpmn.co.kr e1.emxdgt.com cm.g.doubleclick.net partner.mediawallahscript.com visitor.omnitagjs.com i.liadm.com exchange.mediavine.com 1f2e7.v.fwmrm.net tags.bluekai.com dpm.demdex.net ws-us3.pusher.co eu.klarnaevt.com sockjs-us3.pusher.com ws-us3.pusher.com aa.agkn.com track.sv.rkdms.com sync.crwdcntrl.net *.hotjar.com widget-mediator.zopim.com aorta.clickagy.com *.searchspring.net *.googlesyndication.com *.gorewear.com *.rebrand.gorewear.com rebrand.gorewear.com www.sandbox.paypal.com cdn.sand.us.zip.co localhost:* *.origin.gorewear.com origin.gorewear.com 1 object-src 'none';base-uri 'self';script-src 'nonce-B9Ku1HcGvh8NwTHMOmTGTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' cdn.cookielaw.org chimpstatic.com tags.clickagy.com plugin.credova.com static.zdassets.com cdn.avmws.com d1igp3oop3iho5.cloudfront.net www.google-analytics.com s7.addthis.com ssl.avmws.com z.moatads.com v1.addthisedge.com m.addthis.com www.google.com www.gstatic.com; report-uri /.webscale/csp-report 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' bam-cell.nr-data.net browser-update.org ekr.zdassets.com fonts.googleapis.com fonts.gstatic.com js-agent.newrelic.com maxcdn.bootstrapcdn.com multimedia.email.darkhorse.com *.tfaw.com static.zdassets.com tfaw.zendesk.com widget-mediator.zopim.com www.email.tfaw.com www.tfaw.com bam.nr-data.net js.stripe.com maps.googleapis.com www.gstatic.com www.google.com *.zendesk.com *.zopim.com *.static.zdassets.com c.tvpixel.com www.google-analytics.com connect.facebook.net www.googletagmanager.com www.dwin1.com unpkg.com commerce.adobedtm.com magento-recs-sdk.adobe.net www.googleadservices.com tpc.googlesyndication.com ssl-google-analytics.com translate.googleapis.com translate-pa.googleapis.com account.shareasale.com https://unpkg.com https://commerce.adobedtm.com https://magento-recs-sdk.adobe.net; report-uri /.webscale/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-n3jdcYuE8y-E-SApVVG8GQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.antpedia.com v.antwebinar.com hmcdn.baidu.com hm.baidu.com m.baidu.com jspassport.ssl.qhimg.com *.google-analytics.com zz.bdstatic.com s.ssl.qhres.com sp0.baidu.com s.360.cn c.mipcdn.com wpa.qq.com res.wx.qq.com mp.weixin.qq.com msite.baidu.com ae.bdstatic.com share.baidu.com bdimg.share.baidu.com *.alicdn.com *.cn-hangzhou.log.aliyuncs.com *.dns-detect.alicdn.com browser.sentry-cdn.com push.zhanzhang.baidu.com po.srf.baidu.com toutong.baidu.com static.bshare.cn cdn.jsdelivr.net sentry.io *.googleapis.com *.cnzz.com api.map.baidu.com *.uc.cn uc.gre *.gstatic.com *.ucweb.com bshare.optimix.cn s2.pstatp.com *.googlesyndication.com *.googleadservices.com *.googletagmanager.com *.qhres2.com 'unsafe-inline' 'unsafe-eval'; img-src * data: ; frame-src https://*.qq.com https://*.antpedia.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com webcompt:; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.erelocation.net www.google.com www.googletagmanager.com *.gstatic.com maxcdn.bootstrapcdn.com sp.tinymce.com kit-free.fontawesome.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com kit.fontawesome.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net www.garp.org *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net www.garp.org static.hsappstatic.net; img-src https: 'self' 'unsafe-eval' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com s3-us-west-2.amazonaws.com; font-src 'self' ka-p.fontawesome.com; connect-src 'self' *.google.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.vidyard.com *.fontawesome.com content.hotjar.io *.hotjar.com wss://wsp14.hotjar.com wss://wsp43.hotjar.com/api/v2/client/ws stats.g.doubleclick.net static.libsyn.com cdn.linkedin.oribi.io *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com bat.bing.com hm.baidu.com; object-src 'none'; media-src 'self'; frame-src html5-player.libsyn.com forms.hsforms.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com www.garp.org *.hsforms.net *.hsforms.com *.googletagmanager.com *.twitter.com *.facebook.com fast.wistia.net *.youtube.com; base-uri 'self'; report-to /csp-violation-report-endpoint/; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /errorendpoint.html 1 font-src *.cloudflare.com *.bootstrapcdn.com data: *.gstatic.com *.livechatinc.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.slidegeeks.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com www.slidegeeks.com 'self' 'unsafe-inline'; frame-ancestors www.slidegeeks.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com *.hotjar.com *.livechatinc.com *.doubleclick.net *.facebook.com *.addthis.com giphy.com gfycat.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.slidegeeks.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.ytimg.com *.adsymptotic.com *.googleadservices.com *.bing.com *.linkedin.com *.facebook.com *.facebook.net *.google.com *.google.co.in *.slideteam.net *.slidegeeks.com slidegeeks.com *.googletagmanager.com *.livechatinc.com *.pinterest.com *.doubleclick.net *.gravatar.com *.resultspage.com *.resultsdemo.com *.giphy.com *.clarity.ms *.quora.com *.lfeeder.com *.livechat-files.com www.slidegeeks.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com *.scarabresearch.com *.trustpilot.com *.googletagmanager.com *.bing.com *.googleadservices.com *.licdn.com *.resultspage.com *.googleoptimize.com *.hotjar.com *.facebook.net *.doubleclick.net *.livechatinc.com *.addthis.com *.addthisedge.com *.formisimo.com *.moatads.com *.2checkout.com *.pinterest.com *.newrelic.com *.nr-data.net *.gravatar.com *.google.com *.clarity.ms *.jquery.com *.resultsdemo.com *.quora.com *.lfeeder.com www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.slidegeeks.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.cloudflare.com *.bootstrapcdn.com *.resultspage.com *.resultsdemo.com *.googleapis.com data: www.slidegeeks.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com www.slidegeeks.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.scarabresearch.com *.emarsys.net *.doubleclick.net *.addthis.com *.addthisedge.com *.livechatinc.com *.2checkout.com *.trustpilot.com *.hotjar.com *.nr-data.net *.bing.com *.clarity.ms *.quora.com wss://*.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.slidegeeks.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.slidegeeks.com http: https: blob: 'self' 'unsafe-inline'; default-src www.slidegeeks.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; script-src-attr 'self'; script-src-elem 'self' http://pero.securite-routiere.gouv.fr https://www.gstatic.com https://www.youtube.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://server.adform.net/Serving/TrackPoint/ https://cstatic.weborama.fr https://cdn.jsdelivr.net https://cdn.tagcommander.com https://cdnjs.cloudflare.com https://instant.page https://polyfill.io https://unpkg.com https://use.fontawesome.com https://www.google.com; style-src 'self' code.ionicframework.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-b851ef85b8f54e8697330924365eaf12' https://my.baptistchart.com 'self';img-src https://* 'self' blob: data:;style-src https://my.baptistchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1 font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com * *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.salecycle.com *.criteo.com *.hotjar.com *.facebook.net * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.retif.eu *.hsforms.net *.hsforms.com * *.googleapis.com *.ggpht.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com jquery.sellxed.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.newrelic.com *.iadvize.com *.cookielaw.org *.bing.com *.pinimg.com *.hotjar.com *.salecycle.com *.facebook.net *.licdn.com *.hsforms.net *.hsforms.com *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com * *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io s3-eu-west-1.amazonaws.com *.back.ecard.pledg.co *.front.ecard.pledg.co *.nr-data.net *.facebook.net t.elasticsuite.io *.hsforms.net *.hsforms.com * *.google.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://qvdt3feo.com/ https://track.zpbt.uk/ https://acdn.adnxs.com/ https://tags.srv.stackadapt.com/ https://track.zpbt.uk/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://code.jquery.com/ https://challenges.cloudflare.com/ https://www.youtube.com/ https://performance.radar.cloudflare.com/ https://api.reciteme.com/asset/js https://connect.facebook.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://js-agent.newrelic.com https://www.google-analytics.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://tags.srv.stackadapt.com/ https://track.zpbt.uk/ https://www.gstatic.com/ https://api.reciteme.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.zpbt.uk/ https://vc.hotjar.io/ https://adservice.google.com/ https://www.google.co.uk/ https://translate.googleapis.com/ https://ukwest-0.in.applicationinsights.azure.com/ https://apps.parcelforce.com/ https://event.zpbt.uk/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://web.facebook.com/ https://stats.reciteme.com/ https://pagead2.googlesyndication.com/ https://www.facebook.com/ https://api.reciteme.com https://bam.nr-data.net https://consentcdn.cookiebot.com https://analytics.google.com/ https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://www.google-analytics.com https://www.google.com; font-src 'self' data: https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://fonts.gstatic.com/ https://api.reciteme.com; frame-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ https://tpc.googlesyndication.com/ https://td.doubleclick.net/ https://servedby.flashtalking.com/ https://web.facebook.com/ https://in-app.eastmidlandsrailway.co.uk/ https://www.youtube.com/ https://challenges.cloudflare.com/ https://www.facebook.com/ https://consentcdn.cookiebot.com/; img-src 'self' data: https://www.google.bg/pagead/ https://pagead2.googlesyndication.com/ https://images.journeys.zip/ https://www.gstatic.com/ https://pfw-prod-ukwest-safespaceonline.azurewebsites.net/ https://bat.bing.com/ https://ib.adnxs.com/ https://reporting.eastmidlandsrailway.co.uk/ https://connect.facebook.net/ https://fonts.gstatic.com/ https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://api.reciteme.com https://c.tile.openstreetmap.org https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.co.uk https://www.google.com; manifest-src 'self'; media-src 'self' https://api.reciteme.com/; worker-src blob:; report-uri https://altcom.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com; img-src 'self' data: secure.gravatar.com www.gravatar.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com; connect-src 'self' *.vimeo.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' data: *.vimeo.com *.vimeocdn.com; child-src 'self' data: *.vimeo.com *.vimeocdn.com; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-2d285c5ac6724638a84b77deb8f02d4f' https://vs-mychart.franciscanalliance.org 'self';img-src https://* 'self' blob: data:;style-src https://vs-mychart.franciscanalliance.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; report-uri https://19bba7008ff399c64da2bc7f455a3431.report-uri.com/r/d/csp/reportOnly 1 script-src 'nonce-bWXJ0JvboK8Xzcl8ArrZxA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=e655442b-904a-492b-a387-938aa6501554; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.br https://www.myheritage.com.br 'unsafe-eval' 'nonce-86ac40ea1283929cd67382eb701602aa' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.br;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com 'self' data: cdn.honey.io www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.googleapis.com *.weltpixel.com ssl.kaptcha.com www.zenaps.com td.doubleclick.net api.lytics.io c.lytics.io acs.apata.io tpc.googlesyndication.com www.paypalobjects.com www.rsa3dsauth.co.uk channel-cards-html.lloydsbankinggroup.com secure5.arcot.com gateway.zscalertwo.net www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com 'self' data: bat.bing.com www.google.co.uk cdn.cookielaw.org c.clarity.ms services.postcodeanywhere.co.uk cm.g.doubleclick.net c.lytics.io www.google.co.in www.awin1.com www.zenaps.com www.google.co.za blob www.google.com.sg www.google.ca www.google.com.au www.google.ie track.webgains.com www.google.de c.bing.com www.google.fr www.google.co.il connect.facebook.net www.google.si www.google.es www.google.com.pk www.bing.com www.google.co.jp www.google.ch www.google.com.bd www.google.com.my www.google.com.vn www.google.com.bh www.google.mu www.facebook.com www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com unpkg.com cdn.cookielaw.org vccp.github.io www.dwin1.com bat.bing.com cdn-assets.rapidspike.com static.queue-it.net assets.queue-it.net cadburygiftsdirect.queue-it.net hemin11112.pcapredict.com amplify.outbrain.com analytics.webgains.io services.postcodeanywhere.co.uk c.lytics.io tr.outbrain.com assets.zendesk.com www.zenaps.com www.google.com api.lytics.io tpc.googlesyndication.com connect.facebook.net www.clarity.ms www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net unsafe-inline *.gstatic.com tagmanager.google.com services.postcodeanywhere.co.uk c.lytics.io cdn.honey.io www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; object-src www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.bing.com www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; manifest-src www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.facebook.net https://www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com region1.analytics.google.com rum-05d92538-8011-49f4-95f8-6a4b84b6991e.rapidspike.com tr.outbrain.com worldtimeapi.org bat.bing.com services.postcodeanywhere.co.uk privacyportal-de.onetrust.com google.com pay.google.com adservice.google.com www.google.co.uk api.webgains.io writer.cardinalcommerce.com data www.wepowerconnections.com www.google.com.sg www.google.com spay.samsung.com kg668dbov0.execute-api.us-east-1.amazonaws.com www.google.com.au cdn.linkedin.oribi.io www.google.co.il www.google.es www.google.ie www.google.com.pk www.google.co.in www.google.nl properties blob www.google.com.bd www.google.de www.google.com.vn www.google.mu www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com edgeshoppingstatic.azureedge.net www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1 font-src *.typekit.net https://cdnjs.cloudflare.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googletagmanager.com *.hotjar.com *.botnation.ai *.avis-verifies.com www.zenaps.com www.facebook.com *.myspectro.io *.kxcdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bing.com *.google.com *.avis-verifies.com *.netreviews.eu lacompagniedesanimauxfr.twgdns.com *.clarity.ms bat.bing.com www.facebook.com *.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.shipup.co *.bing.com *.facebook.net *.doubleclick.net *.hotjar.com *.dwin1.com *.twenga.fr *.newrelic.com *.avis-verifies.com *.nr-data.net https://cdnjs.cloudflare.com *.plugins.emarsys.net *.scarabresearch.com *.botnation.ai www.remisesetprivileges.fr www.zenaps.com the.sciencebehindecommerce.com *.clarity.ms connect.facebook.net assets.emarsys.net https://www.googletagmanager.com tagmanager.google.com *.myspectro.io *.kxcdn.com s.kk-resources.com *.avada.io https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.typekit.net *.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.botnation.ai tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.doubleclick.net *.scarabresearch.com *.eservice.emarsys.net *.botnation.ai www.remisesetprivileges.fr the.sciencebehindecommerce.com *.clarity.ms bam.nr-data.net *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud *.myspectro.io *.kxcdn.com s.kelkoogroup.net *.hotjar.com https://get.geojs.io *.avada.io https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://recaptcha.net https://tr.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.hotjar.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.ie https://*.abtasty.com https://www.lookfantastic.ie/e2/ds/relay https://horizon-api.www.lookfantastic.ie/graphql https://*.ingest.sentry.io https://s1.thcdn.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://checkout.lookfantastic.ie https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn; frame-ancestors 'self' https://live.lookfantastic.ie; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1 frame-ancestors 'none'; base-uri 'none'; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://api-adresse.data.gouv.fr https://grenoblealpesmetropole.matomo.cloud; img-src https: data:; frame-src https:; form-action 'self' https://harpe.grenoble.fr; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; font-src https: data:; report-uri /include/csp.php 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.es/shp_esp_es/webformat_csptools/report/; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.gstatic.com *.facebook.net 1.a79ab95c1589a13f8a4cab612bc71f9f7.com *.googleapis.com *.davivienda.com www.daviplata.com eloqua.code-labs.com m.serlefin.com *.doubleclick.net tags.bkrtx.com www.google.com.co 1.c81358859121583b7adf2ace89cb39f44.com *.bluekai.com analytics.google.com www.googletagmanager.com region1.analytics.google.com *.daviplata.com adservice.google.com 1.b406929acabac9b095f124c81bdfcf57f.com chatdaviplata.com *.facebook.com use.typekit.net www.youtube.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 report-uri /api/csp 1 object-src 'none';base-uri 'self';script-src 'nonce-AmDvHUsFu1_e-2y-3c2Zvw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'none'; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=146&pid=45f218e1a0cd0093&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPca0QRNWMpDqS0QSIUtFz3jRHPxBSQnxH; script-src 'self' 'nonce-o53kbNVChENtzSb' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'sha256-47mKTaMaEn1L3m5DAz9muidMqw636xxw7EFAK/YnPdg=' 'sha256-iry7oJKoKJ+9HSjmU3E1TlRlpSesJWZ1vapuUz2MP38=' 1 report-uri https://r4com.report-uri.io/r/default/csp/reportOnly 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.co.uk ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.co.uk *.spreadshirt.co.uk ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.co.uk ; font-src 'self' https: data: *.spreadshirt.co.uk ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.co.uk ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.co.uk ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src https: 'unsafe-inline' 'unsafe-eval' data:; media-src https: blob: data:; child-src https: blob:; report-uri https://sentry.io/api/72071/csp-report/?sentry_key=4fb747b409644084ba393c5ab7399d16; 1 font-src use.fontawesome.com https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://cdnjs.cloudflare.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co www.googleservices.com *.google.com *.gstatic.com *.googleapis.com *.fontawesome.com fonts.googleapis.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.facebook.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.youtube.com vars.hotjar.com cdn.krxd.net *.criteo.com *.criteo.net *.googlesyndication.com *.google.com *.avis-verifies.com *.force.com *.facebook.com *.facebook.net secure-gateway.hipay-tpp.com *.hipay.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://*.hokodo.co *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io https://assets.fintecture.com *.bing.com www.google.fr beacon.krxd.net maps.gstatic.com *.yahoo.com *.advertising.com *.liadm.com *.yieldmo.com *.smaato.net *.rubiconproject.com *.ad-stir.com *.addthis.com *.doubleclick.net *.outbrain.com *.smartadserver.com *.adnxs.com *.casalemedia.com *.360yield.com *.pubmatic.com *.adform.net *.demdex.net *.openx.net *.yieldlab.net *.omnitagjs.com *.taboola.com *.adscale.de *.teads.tv *.media.net *.3lift.com *.bidswitch.net *.criteo.com *.sharethrough.com *.ivitrack.com *.rlcdn.com *.stickyadstv.com *.fwmrm.net *.tribalfusion.com *.e-planning.net ea.coffrefortplus.com *.facebook.com *.postrelease.com *.thebrighttag.com *.bluekai.com *.tapad.com *.mgid.com *.tremorhub.com *.kargo.com *.adsrvr.org *.clmbtech.com *.smartclip.net maps.google.com *.googletagmanager.com openstreetmap.org maps.googleapis.com *.clarity.ms easyshare.group-label.com *.quanta.io *.d-bi.fr *.privacy-center.org https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://img.youtube.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ bat.bing.com static.zdassets.com ea.coffrefortplus.com t.contentsquare.net *.krxd.net *.hotjar.com az693360.vo.msecnd.net front.activation.beyable.com api.ipify.org secure-gateway.hipay-tpp.com mpsnare.iesnare.com *.hipay.com polyfill.io *.googleapis.com *.cartsguru.io *.criteo.net *.criteo.com *.googlesyndication.com *.addthis.com *.radiateurplus.com *.snapcall.io *.privacy-center.org *.clarity.ms *.quanta.io *.d-bi.fr *.salesforceliveagent.com service.force.com group-label.my.salesforce.com *.googleoptimize.com *.facebook.com *.facebook.net https://api.lyra.com/api-payment/ https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://cdnjs.cloudflare.com https://cdn.segment.com https://*.hokodo.co s7.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.avada.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com use.fontawesome.com *.force.com *.hipay.com https://static.lyra.com/static/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.fontawesome.com fonts.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com bat.bing.com in.hotjar.com ekr.zdassets.com coffrefortplus.zendesk.com wss://widget-mediator.zopim.com geoip.animabri.com *.carts.guru *.hotjar.io *.googlesyndication.com *.doubleclick.net *.zendesk.com *.snapcall.io *.googleadservices.com *.google.fr maps.googleapis.com *.clarity.ms *.axept.io *.force.com *.muscula.com *.caast.tv *.privacy-center.org *.hipay.com wss://mpsnare.iesnare.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com https://cdn.segment.com https://api.segment.io https://*.hokodo.co ekr.zdassets.com/ *.addthis.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-GI76kNw74M9vcuVTr-S66w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src-attr 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; report-uri https://www.inalco.fr/report-uri/reportOnly 1 font-src *.fontawesome.com fonts.gstatic.com data: use.typekit.net static.nacongaming.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com www.google.com www.youtube.com amc.demdex.net vars.hotjar.com www.facebook.com static.nacongaming.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com network-eu-stg.bazaarvoice.com network-eu.bazaarvoice.com network-eu-a.bazaarvoice.com media.nacongaming.com scaleflex.ultrafast.io axeptio.imgix.net www.google.fr www.facebook.com static.nacongaming.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com network-eu.bazaarvoice.com network-eu-stg.bazaarvoice.com www.google.com www.gstatic.com script.hotjar.com static.hotjar.com connect.facebook.net anltc-v2.bigben.fr analytics.tiktok.com www.googleoptimize.com static.nacongaming.com static.axept.io anltc.bigben.fr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net static.nacongaming.com 'self' 'unsafe-inline'; object-src static.nacongaming.com 'self' 'unsafe-inline'; media-src *.adobe.com static.nacongaming.com media.nacongaming.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com www.facebook.com in.hotjar.com stats.g.doubleclick.net anltc-v2.bigben.fr axeptio.imgix.net static.nacongaming.com client.axept.io api.axept.io anltc.bigben.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 child-src 'self' app.pendo.io *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com data:; frame-src 'self' https://challenges.cloudflare.com app.pendo.io *.plaid.com js.stripe.com *.youtube.com https://*.doubleclick.net https://a20898485993.cdn.optimizely.com https://a20898485993.cdn-pci.optimizely.com https://www.facebook.com/ https://tpc.googlesyndication.com; img-src 'self' *.guideline.io cms-assets.guideline.com data.pendo.io cdn.pendo.io app.pendo.io pendo-static-6259783729020928.storage.googleapis.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://cdn.optimizely.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com alb.reddit.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-eval' 'nonce-94d816f35f9facb5b1976176315904df' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' app.pendo.io https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com https://central.inc; report-uri https://sentry2.guideline.tools/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com platform.twitter.com *.weltpixel.com www.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.gstatic.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com *.newrelic.com nr-data.net *.nr-data.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net twitter.com platform.twitter.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.maxmind.com www.xtento.com cdn.xtento.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com tagmanager.google.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googletagmanager.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.mmapiws.com *.fw-cdn.com/20195190/105526.js https://widget.freshworks.com *.freshchat.com googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com google.com *.google.com google.co.nz *.google.co.nz doubleclick.net *.doubleclick.net staticcdn.co.nz *.staticcdn.co.nz newrelic.com nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob:; img-src 'self' data: *; media-src * blob:; script-src 'self' https://kapsch.net https://www.kapsch.net https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app https://*.albacross.com https://www.clarity.ms *.googletagmanager.com *.google-analytics.com data: *.googleadservices.com *.google.com *.googlesyndication.com snap.licdn.com cdn.linkedin.oribi.io px.ads.linkedin.com analytics.twitter.com *.ads-twitter.com kapsch.matomo.cloud cdn.matomo.cloud noembed.com *.youtube.com *.soundcloud.com vimeo.com tools.euroland.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'unsafe-eval' blob: streamer.a1.net webcast.a1.net vjs.zencdn.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app https://*.albacross.com https://www.clarity.ms *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.googlesyndication.com snap.licdn.com cdn.linkedin.oribi.io px.ads.linkedin.com analytics.twitter.com *.ads-twitter.com kapsch.matomo.cloud cdn.matomo.cloud noembed.com *.youtube.com *.soundcloud.com vimeo.com streamer.a1.net webcast.a1.net; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net streamer.a1.net webcast.a1.net vjs.zencdn.net; font-src 'self' data:; manifest-src 'self'; report-uri /csp-violation-report/ 1 font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ *.criteo.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.multisafepay.com https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudfront.net www.google.nl permalink.psinfoodservice.com www.facebook.com *.linkedin.com squeezely.tech *.bing.com *.criteo.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.multisafepay.com maps.gstatic.com ts.tradetracker.net www.magmodules.eu *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.doubleclick.net *.criteo.com *.criteo.net squeezely.tech instant.page *.licdn.com *.bing.com consent.cookiebot.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io *.multisafepay.com https://pay.google.com maps.googleapis.com www.gstatic.com tm.tradetracker.net https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com www.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.doubleclick.net *.criteo.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com geowidget.easypack24.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.twitter.com accounts.google.com secure.payu.com merch-prod.snd.payu.com *.doubleclick.net vars.hotjar.com *.facebook.com m.goadservices.com apis.google.com www.google.com *.cookiebot.com ams.creativecdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net static.payu.com trustmate.io www.google.pl csr.onet.pl bbnaut.ibillboard.com rm.em.nscontext.eu mc.yandex.ru rtb-csync.smartadserver.com connect.facebook.net *.tile.openstreetmap.org geowidget.easypack24.net maps.gstatic.com maps.googleapis.com *.doubleclick.net kodano.pl ade.googlesyndication.com bat.bing.com qon-csts3.quartic.com.pl c.seznam.cz payment.ecommerce.sebgroup.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com *.avada.io accounts.google.com secure.payu.com secure.snd.payu.com trustmate.io *.hotjar.com mc.yandex.ru *.goadservices.com geowidget.easypack24.net maps.googleapis.com *.pushpushgo.com apis.google.com js-agent.newrelic.com *.cookiebot.com bat.bing.com *.tiktok.com *.smartsuppcdn.com www.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net static.cloudflareinsights.com *.quarticon.it *.quarticon.com *.quartic.com.pl *.ar-labs.io tags.creativecdn.com c.imedia.cz c.seznam.cz nominatim.openstreetmap.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com accounts.google.com trustmate.io geowidget.easypack24.net *.quartic.com.pl widget-v3.smartsuppcdn.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://get.geojs.io *.avada.io accounts.google.com secure.payu.com merch-prod.snd.payu.com trustmate.io mc.yandex.ru *.doubleclick.net *.analytics.google.com api-shipx-pl.easypack24.net pagead2.googlesyndication.com maps.googleapis.com *.cookiebot.com *.tiktok.com *.smartsupp.com *.smartsuppcdn.com *.smartsuppchat.com *.crazyegg.com bam.eu01.nr-data.net *.quarticon.it *.ar-labs.io www.google.com ams.creativecdn.com region1.google-analytics.com nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://szkla0com.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.bueroshop24.de ad.yieldlab.net img.youtube.com *.googleadservices.com www.google.de adservice.google.com sync-criteo.ads.yieldmo.com app.usercentrics.eu jadserve.postrelease.com *.taboola.com e1.emxdgt.com *.bidswitch.net *.criteo.com www.awin1.com *.paypal.com *.yahoo.net www.google.com public-prod-dspcookiematching.dmxleo.com a.twiago.com wss://umd.userlike.com simage2.pubmatic.com *.gstatic.com *.rubiconproject.com bat.bing.com *.smartadserver.com the.sciencebehindecommerce.com *.casalemedia.com dais.bueroshop24.de www.dwin1.com uct.service.usercentrics.eu em.guenstiger.de graphql.usercentrics.eu userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com match.sharethrough.com cmodul.solutenetwork.com *.b-cdn.net cdn.mouseflow.com cdn.honey.io *.adform.net api.usercentrics.eu www.googletagmanager.com www.google.at criteo-sync.teads.tv api.userlike.com criteo-partners.tremorhub.com ad.360yield.com www.google.nl *.criteo.net aggregator.service.usercentrics.eu id5-sync.com ib.adnxs.com *.facebook.com assets.bueroshop24.de *.doubleclick.net o2.mouseflow.com consent-api.service.consent.usercentrics.eu matching.ivitrack.com contextual.media.net *.outbrain.com www.google.ch visitor.omnitagjs.com analytics.fatmedia.io eb2.3lift.com exchange.mediavine.com www.wepowerconnections.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-GdJZDDnB8Ws0NH47vjJwIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri /_/csp-reports 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com 'self' data: cdn.honey.io www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.cadburygiftsdirect.co.uk www.greenandblacks.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.googleapis.com *.weltpixel.com ssl.kaptcha.com www.zenaps.com td.doubleclick.net api.lytics.io c.lytics.io acs.apata.io tpc.googlesyndication.com www.paypalobjects.com www.rsa3dsauth.co.uk channel-cards-html.lloydsbankinggroup.com secure5.arcot.com gateway.zscalertwo.net www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com 'self' data: bat.bing.com www.google.co.uk cdn.cookielaw.org c.clarity.ms services.postcodeanywhere.co.uk cm.g.doubleclick.net c.lytics.io www.google.co.in www.awin1.com www.zenaps.com www.google.co.za blob www.google.com.sg www.google.ca www.google.com.au www.google.ie track.webgains.com www.google.de c.bing.com www.google.fr www.google.co.il connect.facebook.net www.google.si www.google.es www.google.com.pk www.bing.com www.google.co.jp www.google.ch www.google.com.bd www.google.com.my www.google.com.vn www.google.com.bh www.google.mu www.facebook.com www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com unpkg.com cdn.cookielaw.org vccp.github.io www.dwin1.com bat.bing.com cdn-assets.rapidspike.com static.queue-it.net assets.queue-it.net cadburygiftsdirect.queue-it.net hemin11112.pcapredict.com amplify.outbrain.com analytics.webgains.io services.postcodeanywhere.co.uk c.lytics.io tr.outbrain.com assets.zendesk.com www.zenaps.com www.google.com api.lytics.io tpc.googlesyndication.com connect.facebook.net www.clarity.ms www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net unsafe-inline *.gstatic.com tagmanager.google.com services.postcodeanywhere.co.uk c.lytics.io cdn.honey.io www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; object-src www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.bing.com www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; manifest-src www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.facebook.net https://www.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com region1.analytics.google.com rum-05d92538-8011-49f4-95f8-6a4b84b6991e.rapidspike.com tr.outbrain.com worldtimeapi.org bat.bing.com services.postcodeanywhere.co.uk privacyportal-de.onetrust.com google.com pay.google.com adservice.google.com www.google.co.uk api.webgains.io writer.cardinalcommerce.com data www.wepowerconnections.com www.google.com.sg www.google.com spay.samsung.com kg668dbov0.execute-api.us-east-1.amazonaws.com www.google.com.au cdn.linkedin.oribi.io www.google.co.il www.google.es www.google.ie www.google.com.pk www.google.co.in www.google.nl properties blob www.google.com.bd www.google.de www.google.com.vn www.google.mu www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com edgeshoppingstatic.azureedge.net www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.greenandblacks.co.uk www.cadburygiftsdirect.co.uk 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1 connect-src 'self'; default-src 'self'; font-src 'self' https://fonts.googleapis.com data:; frame-src 'self'; img-src 'self'; object-src 'self'; script-src 'self' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-VIuZeiDoEGhPwHlSmouYL2zK/++F5Oa/NFSaX974JCw=' 'sha256-mLFjRlurOZiQ/39Q05BOaNiGRyjWCTFNWhvR5XkQna4=' 'sha256-si/G7U6YqPCqvuOxuNu+pPvPsnp10TXSUNnpjo4o2E8=' 'sha256-3cxnJf8CDp9v9IE/tMoZHTxdQ0jKVEVpmBeN8YcRySA=' 'sha256-OIvam6gdRSMb4vEcvNxnkh28xoHZAgvfTYMqEKnZ4t4=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-i4aadpZdid9j3HWHuZI+cIZm1yMlOqVl90CLm0iEl+8=' 'sha256-8D8dEPWVT29qx5X7YYOS4LgaFRv7TWXZru0XP0gTbzg=' 'sha256-kYTWsL3eyz2tbAz4uBgUleoRWTrBffDFMCwOjoXTu2c=' 'sha256-RhSW3VHyIM33OkPY6gg7vrL2NcW5Ms/WbNRvQiwKoYc=' 'sha256-wA5TFYqUzoSGtPZwm8SESTMYr8hZGT/fGZOzbR47kdE=' 'sha256-71FQZ/vodBjadye5uztg7ATFhoyFQYRg/3WQkgfmcMk=' 'sha256-q+o79s/2v3kyn2KgqNj5UMXu6GhJL3C1AR4DgavQYTs=' 'sha256-S6Erfq/TqN8CQj1PfcDLOezVwgyf7DHr/RdgKtqag2M='; style-src 'self' 'sha256-HDYY6U2YJ1OY+bJ5Wfjr2rSQUWfvwIH2JVCtfSjiHPM=' 'sha256-boOol+9NcNYVRpBCSxWeVXPJG0KEcLU/n9ueQidQj3g=' 'sha256-14ckDx3ADOkTfI7ebHbVrmc4RWA8SOdT5AkIYYRSI1g=' 'sha256-o6B1a8BlPsZTLfzSobFT2K+/3Wb3SKUnv21dJj2trO8=' 'sha256-MzotFeyrBPipKDZyID3daFCpYv7umnM7iR1mL99bl7o=' 'sha256-FZL9wRPxhODNXTMLPAzJeMF6/bBMez8pCJgUGC2I27w=' 'sha256-uhyS4TPnOhChCIC9Q/iAQRc8lGfiwN4r1qJcDwNlZR8=' 'sha256-rvCyiQext9QozGia0vXBtjNI2/CnZLvpIWUAxnVm1lo=' 'sha256-6YITkiQ50pHESOjJXub82weWZ7wrdlHd1GN2R78XThI=' 'sha256-yei2dyOJ9Ii+YSeSfZjhNDbA0aWM8uFhjAiO0N2XGtM=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-XQ9IIzofSpnsaWUrxgeXIJi+l/iPTcWjVx5ypSCX3V8=' 'sha256-Y4YhHFCyo/BREYP/C8B4z2tIfioIaXiEC560yu0Ne2Q=' 'sha256-ndWczpqXxcKKxPONpaJxM3neXUh3n67sITst3+bycOg=' 'sha256-a4ayc/80/OGda4BO/1o/V0etpOqiLx1JwB5S3beHW0s=' 'sha256-A9V1T7VGV+t+cMXQLwgAKNpNq5NlSUu0cB7zZq8hIr8=' 'sha256-nl4fY3q3DWeRc9tyOng7cHKyMNe9p5d5nHQyUV+C37o=' 'sha256-Nqnn8clbgv+5l0PgxcTOldg8mkMKrFn4TvPL+rYUUGg=' 'sha256-CsN4k1ceJXYtNa6wVQiOk1kqaTWC0dpbSWmp5lieZyE=' 'sha256-qMEuaMl/cJMddT7wKc2NUkzu1yM4fmtzluf3UeMtLLE=' 'sha256-bvnLuy6LpOOT3gDS8p8t314E1W+9iSw0YMOFoyuwiCg=' 'sha256-jBFvfUl7e9k6ujv6uP5817BV+6MND47rKTrIeDhs/98=' 'sha256-QJduzSZApOX4KPuxtdNIOha0CCcphDMXZYXwSFB5iVw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-9f+IbnZyB9cVT8/xwky9rVVg3LjHInh9MAiva41lZUk=' 'sha256-s/0mrZeE2ueCh3YgZMc8e7OPYI5HSYWEIQf8DaWQaho=' 'sha256-jKGNV7cDpHhn8R9qBJKtiwZIe+33CJqvJm4QrCsX1+0=' 'sha256-dE8X1QbEDDbRcMzk/2HZfE+PaphXlbxT1p2ZdA3VI08=' 'sha256-rm1iUR3vQ3weFX82s2Bv5nbYicbnipX9l2Eb7Ma5Bls=' 'sha256-qRYXPWgeO8DQuggZ5e4ZR8dTMC/u02bYUqKzzTizqAQ=' 'sha256-x/qMT1N4vhfyww3Cl8YyRuexGUTI5ZEw/ZCb86FvIdg=' 'sha256-Nq/OmXCOfffss2QwvNQBZPlL66Fp7KiYwxbhk6p8ulI=' 'sha256-neXcSvRDrd+qMWPGbWJTgyBVFZbdQY8UNZnGhBnxWbw=' 'sha256-mOMG43/8xEDVjdiQbtThixKcS+7CBkAVIZRXWH+l6fw=' 'sha256-vJaQjoEuS/N0MsRKg88KDGnW/7aZlaANfgAw1oeZAYk=' 'sha256-gXy6cGSHvJazs4nCOyks/yFsmrMvrc7fMfWcSzbPn7Q=' 'sha256-LNi1Y8jJd/EPl6sOEHx/J9b21TwWE4pnMmL/ghNxG/Y=' 'sha256-mrDPQSVDIM447aXVd1Xrz7tyYK/AKKv8+p6V+RohaK0=' 'sha256-7M/cpUhDJzkbOFhJUdcQBCRvF3q8d17vp+MygbNtyAw=' 'sha256-W847s+S8mJ0eXC/jm9rdeMEIMDBbTKJnZgQVq4pyk/A=' 'sha256-vLmWL7Grjd8Oav9rqfwV96WtQpvWqtNg3nOI/QQ3bxI=' 'sha256-iUD3g5BH52ycwdWlB3gOOx2JLCquec01EGpdZIfrMaM=' 'sha256-DMzVrH5fz011rpndyEYxmtcP1tTBQt69VIjpQxfYwRo=' 'sha256-tanm74LMzksD1LMJ9nL1q86GepxZoQI0FpLmofQiRiQ=' 'sha256-A/lFqc0v3WZCu/tAktIkGcq3Rwe5KMiF1VunTnlgb4g=' 'sha256-DmrgTjCfZUR0Y/6REq5QsMK7A/vVsC4d1N47OzFcW3E=' 'sha256-oNhK4QQU2pEV0OM6x64xt7raZpRAP3to3QphoXRSfbw=' 'sha256-vN1Qw2Me22uzWuR59eE1pMeOOE3ehoUYa+bO90TMCD4=' 'sha256-zmN9tWjgDrggZ7+jYb6TGt9VsC5bhRO49OWy0sHHjJ4=' 'sha256-PDv7PK7p4vec7tI/1XbvDMwahytuLYN1Ul7CMcw1gHY=' 'sha256-/kXZODfqoc2myS1eI6wr0HH8lUt+vRhW8H/oL+YJcMg=' 'sha256-xK//ASB2GoP3vH742KHL80RY3VDP0olmt+9lxHrKo7g=' 'sha256-VPK3ArT17yU9wkJRM82RcoWcitp49uzM6yeEP8L9a0k=' https://fonts.googleapis.com; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Hnzt8gAF3.993V40qNzz8o84q4f8d7cHWz8g4AIXQjI-1711588952-1.0.1.1-UFfW3QMoIW2.lFXc9sOVhyZ4KOdeA6UuxTQGHmnlvmf2F.Tkh.hkxriO3GL0Y6ft12FI9e0aBqWEi8qaACoFopzcJWc_GyvMMkwUCtFNx2kOODJgJOfjdBgBMRagXAsIbT6XsqIggohyUkOJr3uuhgR.7vJy5IO7.KGPXnt5tBWFJEF8OkFL0AmCNDuHPUEmcGXlQncSfK0NI09ptJ.Kvw; report-to cf-wamzqlcxzqtophvd 1 default-src 'self' data: gap: *.klarna.com *.freshchat.com *.vimeo.com *.youtube.com *.whittard.co.uk *.whittard.com mention-me.com *.zenaps.com *.sub2tech.com *.gstatic.com *.facebook.com *.bglobale.com *.global-e.com *.onetrust.com *.windows.net *.whittardofchelsea.freshdesk.com *.tvsquared.com; img-src data: blob: *.demandware.net *.commercecloud.salesforce.com *.ads.linkedin.com *.demdex.net *.amazonaws.com *.ometria.com *.googletagmanager.com *.facebook.net *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.whittard.co.uk *.whittard.com *.postcodeanywhere.co.uk *.pcapredict.com *.zmags.com *.yotpo.com *.tokywoky.com img.tokywoky.com *.klarnaservices.com *.klarnacdn.net *.mention-me.com *.awin1.com *.dwin1.com bda.bookatable.com i.ytimg.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.youtube.com *.vimeo.com bat.bing.com *.zenaps.com *.msgfocus.com *.fbsbx.com *.fbcdn.net graph.facebook.com *.zscloud.net *.googleusercontent.com *.klarnaevt.com i.vimeocdn.com *.surveymonkey.com *.kaltura.com *.gocertify.me *.bglobale.com *.global-e.com *.bc0a.com *.b0e8.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.tvsquared.com analytics.whittard.com analytics.whittard.co.uk ade.googlesyndication.com *.abtasty.com; child-src 'self' blob: *.abtasty.com *.studentbeans.com *.google.com *.doubleclick.net *.facebook.com *.tokywoky.com *.freshchat.com mention-me.com *.mention-me.com *.klarna.com *.klarnaservices.com bda.bookatable.com *.sub2tech.com *.youtube.com *.vimeo.com *.zenaps.com *.googlesyndication.com *.online-metrix.net *.pagetiger.com *.googletagmanager.com connect.studentbeans.com *.zmags.com *.googleapis.com *.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com *.worldpay.com *.cardinalcommerce.com *.gocertify.me *.bglobale.com *.global-e.com whittardofchelsea.freshdesk.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.postcodeanywhere.co.uk *.pcapredict.com *.bootstrapcdn.com *.myfonts.net cdnjs.cloudflare.com *.yotpo.com *.freshchat.com *.mention-me.com *.sub2tech.com bda.bookatable.com *.zmags.com *.klarnacdn.net *.whittard.co.uk *.whittard.com *.ordergroove.com *.particularaudience.com *.p-a.io *.google.com *.amazonaws.com *.abtasty.com *.gstatic.com; font-src 'self' data: *.gstatic.com *.g.doubleclick.net *.bootstrapcdn.com *.yotpo.com *.bookatable.com *.zmags.com *.alicdn.com *.klarnacdn.net *.whittard.co.uk *.whittard.com *.ordergroove.com *.fontawesome.com *.bglobale.com *.global-e.com *.abtasty.com *.googleapis.com use.typekit.net; media-src 'self' data: *.facebook.com *.youtube.com *.vimeo.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com code.jquery.com *.pinimg.com *.cquotient.com *.ometria.com *.tryzens-analytics.com:12443 *.tvsquared.com *.facebook.net cdnjs.cloudflare.com cdn.cquotient.com *.googletagmanager.com www.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.dwin1.com *.postcodeanywhere.co.uk *.pcapredict.com *.zmags.com *.z-analytics.net *.yotpo.com *.tokywoky.com *.msecnd.net *.freshchat.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com *.worldpay.com *.cardinalcommerce.com bda.bookatable.com bat.bing.com *.contentsquare.net *.contentsquare.com *.sub2tech.com *.yottaa.com *.cloudfront.net *.freshworksapi.com *.zenaps.com *.paypal.com *.paypalobjects.com *.awin1.com *.dwin1.com *.sessioncam.com *.whittard.co.uk *.whittard.com *.bootstrapcdn.com *.googlesyndication.com www.google.com *.studentbeans.com onlineerp.solution.quebec widget.surveymonkey.com *.paperform.co paperform.co *.ordergroove.com cdnapisec.kaltura.com *.gocertify.me *.bglobale.com *.global-e.com *.b0e8.com *.vimeo.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.googleanalytics.com *.googleoptimize.com analytics.whittard.com analytics.whittard.co.uk *.amazonaws.com *.abtasty.com; connect-src 'self' *.ads.linkedin.com snap.licdn.com *.rapid.yottaa-network.net pagead2.googlesyndication.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.tryzens-analytics.com:12280 *.ometria.com *.postcodeanywhere.co.uk *.pcapredict.com *.yotpo.com *.tokywoky.com *.klarnauserservices.com *.klarnaservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mention-me.com mention-me.com bda.bookatable.com *.zmags.com *.z-analytics.net *.contentsquare.net *.contentsquare.com *.sub2tech.com *.cloudfront.net *.awin1.com *.dwin1.com *.yottaa.net *.sessioncam.com bat.bing.com *.facebook.com *.google.com *.facebook.net *.googleapis.com widget.surveymonkey.com *.s3.amazonaws.com *.ordergroove.com *.worldpay.com *.cardinalcommerce.com *.gocertify.me *.bglobale.com *.global-e.com *.vimeo.com *.onetrust.com *.windows.net *.particularaudience.com *.p-a.io *.gstatic.com *.abtasty.com analytics.whittard.com analytics.whittard.co.uk ade.googlesyndication.com *.whittard.com *.whittard.co.uk *.amazonaws.com; manifest-src 'self'; ; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/whittard-cspdata; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.hn www.bancodeoccidente.hn *.doubleclick.net www.google.com *.gstatic.com pro.ip-api.com analytics.google.com region1.analytics.google.com translate.google.com images.scanalert.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' *.creative.com d287ku8w5owj51.cloudfront.net *.crazyegg.com im-yacms.s3.ap-southeast-1.amazonaws.com *.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io wss://creativesupporthelp.zendesk.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.awin1.com *.bootstrapcdn.com *.crazyegg.com *.creative.com *.dwin1.com *.facebook.com *.google-analytics.com *.google.com *.gstatic.com *.mlytics.com *.ads-twitter.com ads-api.twitter.com analytics.twitter.com ajax.googleapis.com b91.yahoo.co.jp beacon.cdn.mile.cloud blueimp.github.io browser-update.org cdn.jsdelivr.net cdn.moengage.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net cv.valuecommerce.com d.line-scdn.net d287ku8w5owj51.cloudfront.net dnn506yrbagrg.cloudfront.net googleads.g.doubleclick.net graph.facebook.com images.soundblaster.com lantern.roeyecdn.com platform.twitter.com polyfill.io remote.captcha.com s.yimg.jp sdk.amazonaws.com sslwidget.criteo.com static.criteo.net csm.da.us.criteo.net static.zdassets.com tagmanager.google.com tpay.com *.googlesyndication.com trj.valuecommerce.com use.typekit.net widget-mediator.zopim.com widget.us.criteo.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src 'self' 'unsafe-inline' *.creative.com d287ku8w5owj51.cloudfront.net *.typekit.net *.adobe.com *.google.com tagmanager.google.com fonts.googleapis.com fonts.gstatic.com/ *.crazyegg.com *.bootstrapcdn.com cdnjs.cloudflare.com www.jqueryscript.net www.soundblaster.com www.gstatic.com; img-src 'self' blob: *.awin1.com *.crazyegg.com *.creative.com *.dwin1.com *.google-analytics.com *.imgvc.com *.mlytics.com adservice.google.com *.ads-twitter.com ads-api.twitter.com analytics.twitter.com b91.yahoo.co.jp beacon.cdn.mile.cloud browser-update.org contextual.media.net criteo-partners.tremorhub.com csm.va.us.criteo.net d287ku8w5owj51.cloudfront.net data: dis.criteo.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com exchange.mediavine.com google.com.sg googleads.g.doubleclick.net graph.facebook.com gum.criteo.com h.online-metrix.net i.vimeocdn.com i.ytimg.com im-yacms.s3.ap-southeast-1.amazonaws.com image-eu.moengage.com img.youtube.com itag.valuecommerce.com itag.valuecommerce.ne.jp lantern.roeye.com p.typekit.net ssl.gstatic.com static.criteo.net static.zdassets.com stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com t.co tpay.com tr.line.me translate.google.com translate.googleapis.com use.typekit.net v2assets.zopim.io www.adobe.com www.facebook.com www.google-analytics.com www.google.ae www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.cl www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.com www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.kw www.google.com.mt www.google.com.mx www.google.com.my www.google.com.np www.google.com.pa www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.lk www.google.lt www.google.lu www.google.lv www.google.kz www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.tt *.googlesyndication.com www.googletagmanager.com www.gstatic.com www.paypalobjects.com www.soundblaster.com www.youtube.com tbs.tradedoubler.com; font-src 'self' *.creative.com d287ku8w5owj51.cloudfront.net fonts.gstatic.com use.typekit.net data: *.bootstrapcdn.com cdnjs.cloudflare.com www.jqueryscript.net file.myfontastic.com www.slant.co cdn.honey.io; child-src blob: www.google.com cdn.moengage.com; connect-src 'self' *.cdnsuehprom.com *.cloud-button.com *.crazyegg.com *.creative.com *.daxinlicai.com *.google-analytics.com *.googlesyndication.com *.mlytics.com *.sphgfgx.com accounts.google.com ad.doubleclick.net adservice.google.com analytics.google.com *.ads-twitter.com ads-api.twitter.com analytics.twitter.com autocomplete-api.smartystreets.com cdn.contentful.com code.jquery.com cognito-identity.ap-northeast-1.amazonaws.com contextual.media.net creativesupporthelp.zendesk.com criteo-partners.tremorhub.com criteo-sync.teads.tv d287ku8w5owj51.cloudfront.net ekr.zdassets.com exchange.mediavine.com google.com graph.facebook.com if1k4cyjr4.execute-api.ap-southeast-1.amazonaws.com measurement-api.criteo.com oxrz6c4lbi.execute-api.ap-southeast-1.amazonaws.com pay.google.com performance.typekit.net region1.analytics.google.com sdk-02.moengage.com securepubads.g.doubleclick.net spay.samsung.com sslwidget.criteo.com static.criteo.net stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co tez.google.com *.googleapis.com wss://widget-mediator.zopim.com www.facebook.com www.google-analytics.com www.google.com z-m-graph.facebook.com z-p3-graph.facebook.com; frame-src 'self' data: *.crazyegg.com accounts.google.com ad.gunosy.com cdn.moengage.com creativesupporthelp.zendesk.com d287ku8w5owj51.cloudfront.net fledge.us.criteo.com googleads.g.doubleclick.net gum.criteo.com pay.google.com player.vimeo.com static.criteo.net td.doubleclick.net tpc.googlesyndication.com www.facebook.com www.google.co.jp www.google.com www.youtube.com www.youtube-nocookie.com; media-src data: *.creative.com d287ku8w5owj51.cloudfront.net cn-img.creative.com; worker-src 'self' blob: *.creative.com; frame-ancestors 'self' *.creative.com img.stage.creative.com appsmith.dev.creative.com; object-src 'none'; upgrade-insecure-requests; report-uri https://api.creative.com/csp/report/; 1 object-src 'none';base-uri 'self';script-src 'nonce-qRV74jAQNwUgw6Lq1WsFfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com data: *.cookiebot.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cookiebot.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://instagram.fdel27-5.fna.fbcdn.net https://instagram.fdel27-4.fna.fbcdn.net https://instagram.fdel27-3.fna.fbcdn.net https://instagram.fdel27-2.fna.fbcdn.net https://instagram.fdel27-1.fna.fbcdn.net https://scontent-lcy1-1.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ideal-postcodes.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline'; script-src 'self' 'nonce-1FCE5001-AD83-4EF7-857C-A7D9F952E80B' 'nonce-1A05E578-60C3-4BDE-8796-8CC061208063' 'nonce-06A0559D-F732-435A-BCCB-F5C323D09623' 'nonce-CFED2703-44E1-4D11-A871-3261C57779D2' 'nonce-63E230C4-C78E-4252-856A-4B1FB79E4230' 'nonce-8BC37B9E-DD2A-4B48-9776-CB7BDF6DCA90' 'nonce-36A55DDA-32BD-4244-9109-7201F470D964' 'sha256-PO1m1Qgk7Ef6D3RtZn7m2n/kuQdKUcc4WIAhOkqMA+0=' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io; font-src 'self' fonts.gstatic.com; object-src 'none'; img-src * 'self' data:; report-uri /diagnostics/csp-report 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-AsESl1yPRsa7BYtm-hjMqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; connect-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com static.pazaruvaj.com unpkg.com api.mapbox.com cdn.jsdelivr.net geowidget.easypack24.net maxcdn.bootstrapcdn.com ssl.ceneo.pl s.kk-resources.com elnino.daktela.com www.wiarygodneopinie.pl ts.tradetracker.net cdn.foxentry.cz www.parfemy-elnino.cz geowidget.inpost.pl www.googletagmanager.com smartsuppcdn.com cdn.luigisbox.com *.demandware.net; object-src 'self'; img-src 'self' https: data:; font-src https: data:; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; worker-src 'self' blob:; report-uri https://elnino.report-uri.com/r/d/csp/enforce 1 report-uri https://e3upqkx4nb3hofqe42khocblk40tgemz.lambda-url.us-east-1.on.aws/api/token/Elfbin74NZhrk93uWIlnlUGdBxSbg; default-src 'self' https://*.tytocare.com ; img-src 'self' data: https://*.tytocare.com https://static.tytodemo.com https://*.wistia.net https://*.wistia.com https://match.prod.bidr.io https://id.rlcdn.com https://t.co https://analytics.twitter.com https://bat.bing.com https://*.6sc.co https://*.lfeeder.com https://*.google-analytics.com https://*.linkedin.com https://track.hubspot.com https://www.google.com https://www.google.co.il https://www.google.com.ua https://segments.company-target.com https://www.facebook.com https://secure.gravatar.com https://s.w.org https://wp-rocket.me https://www.googletagmanager.com https://*.hsforms.com https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://*.tytod.com ; style-src 'self' 'unsafe-inline' https://*.tytocare.com https://static.tytodemo.com https://fonts.googleapis.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.tytocare.com https://use.fontawesome.com https://*.tytod.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tytocare.com ; script-src-elem 'self' 'unsafe-inline' data: https://*.tytocare.com https://js.hsforms.net https://*.googletagmanager.com https://*.google-analytics.com https://*.wistia.com https://*.wistia.net https://bat.bing.com https://js.hs-scripts.com https://script.crazyegg.com https://connect.facebook.net https://static.ads-twitter.com https://sc.lfeeder.com https://js.driftt.com https://j.6sc.co https://tag.demandbase.com https://*.hotjar.com https://*.doubleclick.net https://snap.licdn.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.chilipiper.com https://beacon-v2.helpscout.net https://www.youtube.com https://cdn.syncle.io https://www.googleadservices.com https://d10lpsik1i8c69.cloudfront.net https://static.oktopost.com https://okt.to https://cdn.linkedin.oribi.io https://www.google.com/recaptcha/api.js https://*.tytod.com https://cdn.jsdelivr.net https://syncle.io https://cdnjs.cloudflare.com https://unpkg.com ; connect-src 'self' https://metrics.hotjar.io https://content.hotjar.io https://*.tytocare.com https://pro.ip-api.com https://*.wistia.com https://*.litix.io https://*.6sc.co https://*.google-analytics.com https://*.doubleclick.net https://api.hubapi.com https://api.company-target.com https://forms.hubspot.com https://cdn.linkedin.oribi.io https://bat.bing.com https://secure.adnxs.com https://*.hotjar.com https://beaconapi.helpscout.net https://www.facebook.com https://d3hb14vkzrxvla.cloudfront.net wss://*.hotjar.com https://yoast.com https://settings.luckyorange.net https://gw.linkedin.oribi.io https://forms.hsforms.com https://embedwistia-a.akamaihd.net https://tracking.chilipiper.com https://adservice.google.com https://bluewhale.syncle.io https://px.ads.linkedin.com ; font-src 'self' data: https://*.tytocare.com https://*.wistia.net https://*.wistia.com https://fonts.gstatic.com https://use.fontawesome.com https://workweek.com https://*.tytod.com ; media-src 'self' blob: https://*.tytocare.com https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://cdn.livechatinc.com https://js.driftt.com ; frame-src 'self' https://*.tytocare.com https://*.hotjar.com https://js.driftt.com https://wp-rocket.me https://www.youtube.com https://s.company-target.com ; frame-ancestors 'self' https://*.tytocare.com https://tytocare.powerappsportals.com https://tytocaredev.powerappsportals.com ; worker-src 'self' blob: https://*.tytocare.com ; object-src 'self' https://*.tytocare.com ; manifest-src 'self' https://*.tytocare.com ; 1 default-src 'self' farmersinsurance.okta.com *.oktacdn.com; connect-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com farmersinsurance.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' farmersinsurance.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' farmersinsurance.okta.com *.oktacdn.com; frame-src 'self' farmersinsurance.okta.com farmersinsurance-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' farmersinsurance.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' farmersinsurance.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/reportOnly; report-to csp 1 default-src 'self' *.ctfassets.net;img-src data: blob: *;style-src 'self' 'unsafe-inline' *.gstatic.com;font-src 'self' fonts.gstatic.com;media-src 'self' *.ctfassets.net *.gstatic.com;frame-src 'self' *.ctfassets.net *.youtube.com *.ungpd.com;connect-src 'self' *.ctfassets.net *.contentful.com *.bugsnag.com *.swish.nu;object-src 'none';script-src 'self'; report-uri https://eo7f9vdutam5kd9.m.pipedream.net; report-to csp-report; 1 default-src 'self'; frame-src https://api-5487f10a.duosecurity.com/ https://www.google.com https://www.youtube.com/ https://static.addtoany.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com/ https://ajax.cloudflare.com/ https://www.google.com/ https://www.google-analytics.com https://www.gstatic.com; report-uri /csp-reports.php 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: code.jquery.com *.gstatic.com cdn.jsdelivr.net *.facebook.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-b6xaACId17ViX_7s_c34ZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.lamaisonduchocolat.com *.avis-verifies.com/ *.vimeocdn.com *.vimeo.com reetags.com *.weltpixel.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com *.lamaisonduchocolat.com *.vimeo.com *.paypal.com *.gstatic.com *.analytics.google.com reetags.com https://images.unsplash.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.lamaisonduchocolat.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.gstatic.com *.google.com *.paypal.com *.braintreegateway.com *.cardinalcommerce.com reetags.com sdk.privacy-center.org js.aploze.com *.jsdelivr.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.lamaisonduchocolat.com reetags.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.lamaisonduchocolat.com *.googleapis.com *.analytics.google.com reetags.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; frame-src hubspot.com salesloft.com typeform.com boards-api.greenhouse.io greenhouse.io embed.s3.amazonaws.com perf.hsforms.com ; media-src youtube.com player.vimeo.com i.vimeocdn.com img.youtube.com cdn.plyr.io player.vimeo.com view.genial.ly soundcloud.com cdn.plyr.io; 1 script-src 'self' 'unsafe-eval' https://www.gstatic.com/recaptcha/ https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://tag.rmp.rakuten.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com player.vimeo.com polyfill.io www.youtube.com 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' https://www.gstatic.com/recaptcha/ https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://tag.rmp.rakuten.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com player.vimeo.com polyfill.io www.youtube.com 'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.visitbritainshop.com/world/en/report-uri/reportOnly 1 font-src *.fontawesome.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://pay.google.com https://secure-test.worldpay.com https://*.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.gstatic.com https://s3.amazonaws.com https://chd.stats.paypal.com https://*.univarsolutions.com https://*.google.com https://static.hotjar.com https://*.loopanalytics.com https://qa-nexeo.cs196.force.com https://consent.trustarc.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com/recaptcha/api.js *.gstatic.com *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js https://*.loopanalytics.com https://ws.zoominfo.com https://*.googleapis.com https://*.newrelic.com https://*.hotjar.com https://ict.infinity-tracking.net https://c.la2-c2-ia5.salesforceliveagent.com https://d.la2-c2-ia5.salesforceliveagent.com https://consent.trustarc.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://nas.lon.infinity-tracking.net https://ict.infinity-tracking.net https://*.smartystreets.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.gsmoutdoors.com cdn77.api.userway.org api.userway.org shop.pe imgs.signifyd.com cdn11.bigcommerce.com cdn.userway.org fast.a.klaviyo.com cdnjs.cloudflare.com cdn.jsdelivr.net static-forms.klaviyo.com ka-p.fontawesome.com *.googleapis.com a.klaviyo.com *.gstatic.com *.cloudfront.net *.online-metrix.net na.klarnaevt.com i.ytimg.com cdn.jotfor.ms nytrng.com *.bazaarvoice.com kit.fontawesome.com pro.fontawesome.com www.youtube.com www.googleoptimize.com static-tracking.klaviyo.com js.klarna.com www.google-analytics.com x.klarnacdn.net addshoppers.s3.amazonaws.com stackpath.bootstrapcdn.com tasks.gsmoutdoors.com vc.hotjar.io *.hotjar.com shopper.shop.pe app.shop.pe bes.gcp.data.bigcommerce.com *.addthis.com www.googletagmanager.com static.klaviyo.com manage.safeopt.com cdn-scripts.signifyd.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-pakAkRQBIydHZJYVVHrUaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.googletagmanager.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google-analytics.com https://www.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://www.gstatic.com https://www.google.com https://unpkg.com; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.amrest.eu/en/report-uri/reportOnly 1 report-uri https://csp.brandbox.host/; script-src 'self' 'strict-dynamic' 'unsafe-eval' 'nonce-6604d90bd6234'; default-src 'self'; img-src 'self' data: https://*.frank-flechtwaren.de https://*.google.de https://*.pinterest.com https://*.bing.com https://*.ausgezeichnet.org https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com; child-src 'self' https://*.paypal.com https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://*.pinterest.com https://*.cadsuta.net https://*.facebook.net https://*.doubleclick.net https://*.paypal.com https://www.youtube.com https://www.youtube-nocookie.com https://payment.heidelpay.com; connect-src 'self' https://*.g.doubleclick.net https://*.clarity.ms https://*.analytics.google.com https://*.cadsuta.net https://*.pinterest.com https://*.paypal.com https://www.google-analytics.com https://payment.heidelpay.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 1 img-src 'self' www.facebook.com www.instagram.com https://*.keywee.co https://images.ctfassets.net https://i.ytimg.com https://a.storyblok.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://www.facebook.com https://d25d2506sfb94s.cloudfront.net https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://www.google.com.de https://www.google.com.pl https://www.google.com.es https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://images.getinconvo.com https://cdn.yougov.chat https://attachments-bucket-eu-west-1-prod.s3.eu-west-1.amazonaws.com data:; report-uri https://o198417.ingest.sentry.io/api/5594314/security/?sentry_key=f6766c04be5e496fa1fbd7ee7f3ded56&sentry_environment=production&sentry_release=undefined; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://aau.edu.jo https://*.aau.edu.jo *.googleusercontent.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.google.com; report-uri //report-csp-violation 1 upgrade-insecure-requests; default-src 'self' https://*.planer.io https://planer.io; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' ; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.planer.io https://planer.io; img-src 'self' https: data:; manifest-src 'self' https://login.planer.io; object-src 'none'; frame-ancestors 'self'; report-uri https://frontend-logs.planer.io/v1/frontend-logs/central-login-page; report-to frontend-errors 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: script.hotjar.com *.fontawesome.com *.zopim.com sparkjop.global.ssl.fastly.net cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.vipps.no *.snapchat.com *.list-manage.com 'self'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.doubleclick.net *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.klarna.com big.g.doubleclick.net vars.hotjar.com optimize.google.com *.zopim.com *.snapchat.com *.googlesyndication.com *.googletagmanager.com sparkjop.global.ssl.fastly.net cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev policy.app.cookieinformation.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.google.lt *.zopim.com *.atdmt.com *.bing.com *.googlesyndication.com sparkjop.global.ssl.fastly.net *.clarity.ms cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.klarna.com static.hotjar.com script.hotjar.io https://widget.postenlabs.no/ *.zdassets.com *.zopim.com *.bing.com sc-static.net data: *.googlesyndication.com sparkjop.global.ssl.fastly.net cdnjs.cloudflare.com *.clarity.ms cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev policy.app.cookieinformation.com *.snapchat.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.google.com https://widget.postenlabs.no/assets/ *.fontawesome.com sparkjop.global.ssl.fastly.net cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: sparkjop.global.ssl.fastly.net cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.googleapis.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.fontawesome.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.trollweb.no *.bing.com *.g.doubleclick.net *.getsentry.com sparkjop.global.ssl.fastly.net *.snapchat.com *.clarity.ms www.clarity.ms cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev policy.app.cookieinformation.com consent.app.cookieinformation.com *.zendesk.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.zopim.com cdn.sparkjop.no cdn.prod.sparkjop.vdc.dev 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://925015dff672673dc181e65d1429ee9c.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com https://static.ads-twitter.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com https://s.ytimg.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/slick.min.js https://pi.pardot.com https://www.brighttalk.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.youku.com https://v1-tt.ixigua.com https://player.vimeo.com https://go.pardot.com https://www.brighttalk.com https://e.issuu.com; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; media-src 'self' https://cruprod.blob.core.windows.net; report-uri https://3chillies.report-uri.io/r/default/csp/reportOnly; 1 font-src *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.doubleclick.net *.facebook.net *.klarnacdn.net *.fontawesome.com *.sugarfreeshops.com sugarfreeshops.com *.cloudflare.com *.cloudfront.net *.simpler.so *.socital.com *.google.com *.bestprice.gr *.pstatic.gr *.adman.gr *.addsauce.com snapppt.com *.cardinalcommerce.com *.skroutz.gr *.linkwi.se *.crazyegg.com *.cookiebot.com consentcdn.cookiebot.com *.facebook.com *.youtube.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.sugarfreeshops.com sugarfreeshops.com *.facebook.com *.google.com *.simpler.so *.socital.com *.bestprice.gr *.pstatic.gr *.adman.gr *.googlesyndication.com *.addsauce.com *.gstatic.com snapppt.com *.cardinalcommerce.com *.skroutz.gr *.linkwi.se *.crazyegg.com *.cookiebot.com *.youtube.com *.twitter.com *.cardlink.gr *.alphaecommerce.gr 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.sugarfreeshops.com sugarfreeshops.com *.facebook.net *.facebook.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.google.com *.doubleclick.net *.facebook.net *.klarna.com *.sugarfreeshops.com sugarfreeshops.com *.facebook.com *.cookiebot.com *.boxnow.gr/ *.contactpigeon.com *.skroutz.gr *.tiktok.com *.hotjar.com *.linkwi.se *.criteo.com *.criteo.net *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.googlesyndication.com trustmark.gr *.socital.com *.addsauce.com *.gstatic.com snapppt.com *.cardinalcommerce.com *.crazyegg.com *.addtoany.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com *.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.sugarfreeshops.com sugarfreeshops.com *.facebook.com *.clarity.ms *.socital.com www.google.gr *.contactpigeon.com *.cookiebot.com *.google-analytics.com *.skroutz.gr http://trustmark.gr https://trustmark.gr *.tiktok.com *.adnxs.com *.criteo.com *.e-satisfaction.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.cdninstagram.com snapppt.com *.addsauce.com *.cardinalcommerce.com *.linkwi.se *.crazyegg.com *.cloudflare.com *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ *.google.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io 'self' data: *.sugarfreeshops.com sugarfreeshops.com *.cookiebot.com *.googleadservices.com *.googleoptimize.com *.addtoany.com *.pinterest.com *.tumblr.com *.tiktok.com go.linkwi.se *.google.gr *.contactpigeon.com *.adman.gr *.e-satisfaction.com trustmark.gr *.hotjar.com *.socital.com *.criteo.net *.criteo.com *.simpler.so *.clarity.ms *.bestprice.gr *.pstatic.gr *.googlesyndication.com *.addsauce.com snapppt.com *.cardinalcommerce.com *.linkwi.se *.crazyegg.com *.skroutz.gr *.weezmo.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.net *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.fontawesome.com *.sugarfreeshops.com sugarfreeshops.com *.socital.com *.cloudfront.net *.google.com *.contactpigeon.com *.myfonts.net *.cloudfront.com *.e-satisfaction.com http://trustmark.gr https://trustmark.gr *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.addsauce.com snapppt.com *.cardinalcommerce.com *.skroutz.gr *.linkwi.se *.crazyegg.com *.cookiebot.com *.facebook.com *.youtube.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline'; media-src *.adobe.com *.sugarfreeshops.com sugarfreeshops.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com connect.facebook.net *.facebook.net *.google.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.sugarfreeshops.com sugarfreeshops.com maps.googleapis.com stats.g.doubleclick.net consent.cookiebot.com *.tiktok.com *.doubleclick.net *.googlesyndication.com *.clarity.ms 'self' wss: 'unsafe-inline' wss: *.sentry.io *.contactpigeon.com *.e-satisfaction.com snapppt.com *.socital.com *.hotjar.com *.simpler.so *.bestprice.gr *.pstatic.gr *.adman.gr *.addsauce.com *.gstatic.com skroutza.skroutz.gr go.linkwi.se script.crazyegg.com consentcdn.cookiebot.com *.facebook.com www.youtube.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src *.sugarfreeshops.com sugarfreeshops.com http: https: blob: 'self' 'unsafe-inline'; default-src *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.sugarfreeshops.com sugarfreeshops.com 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net bootstrapcdn.com *.bootstrapcdn.com storelocatorwidgets.com *.storelocatorwidgets.com purityassets.com *.purityassets.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.searchspring.io listrakbi.com *.listrakbi.com purityassets.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net pinterest.com *.pinterest.com purityassets.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.searchspring.io elfsightcdn.com *.elfsightcdn.com facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net purityassets.com *.purityassets.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.searchspring.net/intellisuggest/is.min.js *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrak.com *.listrak.com listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net googleapis.com *.googleapis.com storelocatorwidgets.com *.storelocatorwidgets.com purityassets.com *.purityassets.com *.godaddy.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net bootstrapcdn.com *.bootstrapcdn.com storelocatorwidgets.com *.storelocatorwidgets.com mapbox.com *.mapbox.com purityassets.com *.purityassets.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com purityassets.com *.purityassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://beacon.searchspring.io/beacon *.searchspring.io facebook.com *.facebook.com facebook.net *.facebook.net visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com elfsight.com *.elfsight.com acsbapp.com *.acsbapp.com northbeam.io *.northbeam.io listrakbi.com *.listrakbi.com refersion.com *.refersion.com bing.com *.bing.com cloudfront.net *.cloudfront.net amazonaws.com *.amazonaws.com ywxi.net *.ywxi.net purityassets.com *.purityassets.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: fonts.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com static.zdassets.com www.gstatic.com script.hotjar.com static.hotjar.com googleadservices.com maps.googleapis.com/ 'self' 'unsafe-inline'; frame-ancestors static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com googleadservices.com maps.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com vars.hotjar.com *.doubleclick.net *.pinterest.com *.tryadviser.com *.webviewer.appar.io *.paperless.com.pe *.extranetrosen.cl mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com www.extranetrosen.cl *.hsforms.com track.hubspot.com mercadopago.cl www.mercadopago.cl *.google.com.cl static.zdassets.com www.gstatic.com static.hotjar.com script.hotjar.com *.pinterest.com *.sendtric.com *.tryadviser.com *.adnxs.com *.linkedin.com *.doubleclick.net *.rosen.cl *.rosen.com.pe *.sonataplatform.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.dpm.demdex.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com www.extranetrosen.cl static.zdassets.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com www.googleoptimize.com static.hotjar.com *.google.com *.google.cl script.hotjar.com js.hsleadflows.net *.pinimg.com www.youtube.com *.tryadviser.com *.adnxs.com *.hsadspixel.net *.verificado.ai snap.licdn.com *.google-analytics.com *.commerce.adobe.net *.magento.com *.mercadopago.com *.hscollectedforms.net *.doubleclick.net *.omtrdc.net *.googletagmanager.com *.rosen.cl *.rosen.com.pe *.sonataplatform.com *.mouseflow.com *.hubspot.com *.vnforapps.com https://www.google.com *.gstatic.com https://maps.googleapis.com http2.mlstatic.com secure.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com cdn.dnky.co *.rosen.cl *.rosen.com.pe www.extranetrosen.cl *.tryadviser.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.mercadopago.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.comapi.com bam.nr-data.net static.zdassets.com v2.zopim.com ekr.zdassets.com rollbar-eu.zendesk.com wa.me *.hubspot.com stats.g.doubleclick.net rosen.zendesk.com wss://widget-mediator.zopim.com *.hotjar.com vc.hotjar.io www.facebook.com public.delivery.janisqa.in public.delivery.janis.in maps.googleapis.com *.google.cl *.pinterest.com wss://*.hotjar.com *.hscollectedforms.net *.hubapi.com *.amazonaws.com *.amazon.com *.zendesk.com *.linkedin.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.jsdelivr.net *.criteo.com *.avis-verifies.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.criteo.com *.adyen.com https://h.online-metrix.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net camo.githubusercontent.com *.gstatic.com *.cloudflare.com *.googleapis.com *.bing.com *.google.com.br *.clarity.ms *.facebook.net *.facebook.com *.adyen.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.cloudflare.com *.googleapis.com *.bing.com *.facebook.net *.cloudfront.net *.criteo.com *.zdassets.com *.google.com *.avis-verifies.com *.clarity.ms *.adyen.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.cloudflare.com *.googleapis.com *.azurewebsites.net *.clarity.ms *.amazonaws.com wss://widget-mediator.zopim.com *.rdstation.com.br *.zendesk.com *.doubleclick.net *.facebook.net *.facebook.com *.criteo.com *.zdassets.com *.netreviews.eu *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.acheipneus.com.br/csp/endpoint; report-to report-endpoint; 1 upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-XfzZAUkr0nHpFv1Avy7FBX7vV' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1 font-src *.gstatic.com data: https://api.systempay.fr/static/ https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.systempay.fr/static/ https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.no https://www.myheritage.no 'unsafe-eval' 'nonce-e9fc07c96390d0a8281dace177469f8d' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.no;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://mobbex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.mobbex.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https: blob: mediastream: data: 'unsafe-inline' 'unsafe-eval' 1 font-src *.googleapis.com *.gstatic.com *.intercomcdn.com *.stackpathcdn.com *.ecorebates.com use.fontawesome.com use.typekit.net www.shopperapproved.com' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com js.stripe.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.weltpixel.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://www.magezon.com assets.instantsearchplus.com *.visualwebsiteoptimizer.com *.listrakbi.com *.everesttech.net doubleclick.net *.doubleclick.net hvacdirect.com bat.bing.com shopperapproved.com www.shopperapproved.com google.com *.google.com insight.adsrvr.org sb.scorecardresearch.com px.owneriq.net realtimeanalytics.yext.com ct.pinterest.com ps.eyeota.net *.sharethis.com obs.segreencolumn.com *.tynt.com guarantee-cdn.com alb.reddit.com tags.bluekai.com *.inspectlet.com apxl.io *.adnxs.com js.intercomcdn.com static.intercomassets.com store.paradoxlabs.com https://redchamps.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.apptrian.com *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com app.cpscentral.com cpscentral.ngrok.io clarity.ms *.clarity.ms hvacdirect.com *.ecorebates.com apxl.io *.visualwebsiteoptimizer.com guarantee-cdn.com www.redditstatic.com redditstatic.com *.listrakbi.com listrakbi.com chimpstatic.com ml314.com *.fastsimon.co cdn.shareaholic.net *.owneriq.net cdn.tynt.com de.tynt.com shopperapproved.com www.shopperapproved.com googleoptimize.com www.googleoptimize.com partner.shareaholic.net partner.shareaholic.com m9m6e2w5.stackpathcdn.com bat.bing.com instant.page s7.addthis.com platform-api.sharethis.com *.sharethis.com clickcease.com www.clickcease.com funnelytics.io *.funnelytics.io *.tctm.co *.segreencolumn.com *.intercom.io *.intercomcdn.com *.omappapi.com *.pinimg.com assets.sitescdn.net cdn.noibu.com *.cloudfront.com *.cloudfront.net analytics.tiktok.com app.shop.pe shop.pe addshoppers.s3.amazonaws.com static.ecorebates.com *.inspectlet.com 219994.tctm.xyz/t.js ob.segreencolumn.com *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net sandbox-assets.secure.checkout.visa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.shopperapproved.com shopperapproved.com hvacdirect.com *.ecorebates.com a.omappapi.com *.fastsimon.com use.fontawesome.com *.typekit.net cdn.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com js.intercomcdn.com hvacdirect.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com hvacdirect.com *.inspectlet.com *.intercom.io wss: nexus-websocket-a.intercom.io shareaholic.net *.shareaholic.net shareaholic.com *.shareaholic.com sharethis.com *.sharethis.com funnelytics.io *.funnelytics.io googlesyndication.com pagead2.googlesyndication.com doubleclick.net *.doubleclick.net obs.segreencolumn.com bat.bing.com *.tctm.co *.fastsimon.com api.omappapi.com ct.pinterest.com analytics.tiktok.com app.shop.pe *.noibu.com *.breadgateway.net *.clarity.ms apxl.io 219994.tctm.xyz/x.json monitor.clickcease.com www.clickcease.com suggest.instantsearchplus.com dev.visualwebsiteoptimizer.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.google.com cdn.dnky.co www.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.gstatic.com maps.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com googletagmanager.com amcglobal.sc.omtrdc.net cm.everesttech.net *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.google.be maps.google.com ct.pinterest.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.mollie.com *.google.com www.gstatic.com google.com www.google.com gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s.pinimg.com ct.pinterest.com *.tradetracker.net *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com dpm.demdex.net *.feedbackcompany.com amcglobal.sc.omtrdc.net *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com maps.googleapis.com ct.pinterest.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; media-src 'self' data: https://videos.ctfassets.net/; worker-src 'self' blob:; child-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com/; manifest-src 'self'; img-src 'self' data: https://www.google.com/ https://fonts.gstatic.com/ https://www.google.co.in/ https://www.google.co.nz/ https://*.analytics.google.com/ https://*.paypal.com/ https://www.paypalobjects.com/ https://c5.adalyser.com/ https://cm.everesttech.net/ https://*.google-analytics.com/ https://infos.belong.com.au/ https://www.googletagmanager.com/ https://accounts.google.com/ https://www.google.com/ https://www.google.com.au/ https://sp.analytics.yahoo.com/ https://*.taboola.com/ https://images.ctfassets.net/ https://www.facebook.com/ https://*.cloudfunctions.net/ https://dpm.demdex.net/ android-webview-video-poster:; frame-src 'self' https://insight.adsrvr.org/ https://match.adsrvr.org/ https://tsdtocl.com/ https://*.fls.doubleclick.net/ https://*.hotjar.com/ https://lpcdn.lpsnmedia.net/ https://ssl.kaptcha.com/ https://*.paypal.com/ https://www.paypalobjects.com/ belong://* https://telstra.demdex.net/ https://teamtelstra.demdex.net/ https://mobilemaps.net.au/ https://a18283983956.cdn.optimizely.com/ https://tst.kaptcha.com/ https://www.youtube.com/ https://assets.braintreegateway.com/ https://*.telstra.com.au/; frame-ancestors 'self' https://*.belong-services.com.au https://app.optimizely.com/; object-src 'self'; report-uri https://belong.report-uri.com/r/t/csp/reportOnly; report-to default 1 font-src *.elasticbox.eu *.cdn-cnj.si *.livechatinc.com *.harveynorman.si *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com https://lapp.leanpay.hr https://app.leanpay.hr https://lapp.leanpay.si https://app.leanpay.si https://stage-app.leanpay.ro https://vendor.leanpay.ro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.livechatinc.com *.contentexchange.me *.criteo.com *.hotjar.com *.harveynorman.si *.loadbee.com *.flixcar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com/ *.doubleclick.net *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.elasticbox.eu *.cdn-cnj.si * *.harveynorman.si www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.elasticbox.eu *.contentexchange.me *.livechatinc.com *.criteo.net *.smind.si *.hotjar.com *.criteo.com *.harveynorman.si *.segmentify.com *.convertexperiments.com *.sgmntfy.com *.loadbee.com *.youreko.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.elasticbox.eu *.harveynorman.si *.segmentify.com *.youreko.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.elasticbox.eu *.takoleasy.si *.livechatinc.com *.contentexchange.me *.hotjar.com *.harveynorman.si *.segmentify.com *.convertexperiments.com *.flixcar.com *.criteo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' data: cdn.embedly.com fonts.gstatic.com js.intercomcdn.com use.typekit.net www.tillerhq.com chrome-extension github.com; form-action 'self' www.facebook.com intercom.help; frame-src 'self' accounts.google.com assets.pinterest.com ct.pinterest.com auth.tillermoney.com data: docs.google.com sheets.tillerhq.com tpc.googlesyndication.com trends.google.com www.awin1.com www.adbstr.com www.facebook.com www.google.com www.googletagmanager.com www.pinterest.com www.zenaps.com bid.g.doubleclick.net intercom-sheets.com videopress.com www.youtube.com; manifest-src 'self'; media-src 'self' data: js.intercomcdn.com videos.files.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.embedly.com cdn.ampproject.org cloudfront.net *.cloudfront.net embed.redditmedia.com a.omappapi.com a.optnmstr.com ajax.googleapis.com assets.pinterest.com ssl.gstatic.com ssl.google-analytics.com connect.facebook.net r.wdfl.co s.pinimg.com storychief.piwikpro.com tpc.googlesyndication.com cdn.mxpnl.com cdnjs.cloudflare.com googleads.g.doubleclick.net js.intercomcdn.com static.ads-twitter.com stats.wp.com v0.wordpress.com widget.intercom.io www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.pagespeed-mod.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com p.typekit.net use.typekit.net; report-uri https://tillerhq.report-uri.com/r/t/csp/reportOnly; report-to default 1 object-src 'none';base-uri 'self';script-src 'nonce-dZdfpRP01TX9vPzJ4N2IfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; connect-src 'self' litho.silvercloudinc.com integration.silvercloudinc.com integration-cdn.silvercloudinc.com *.google-analytics.com *.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net cdn.linkedin.oribi.io; font-src 'self' *.gstatic.com; frame-src nwfcu.locatorsearch.com *.google.com www.youtube.com efraudprevention.net www.dinkytown.net cucalc.org; img-src 'self' integration.silvercloudinc.com integration-cdn.silvercloudinc.com *.linkedin.com *.adsymptotic.com *.facebook.com *.google-analytics.com *.google.com images.printable.com www.w3.org; media-src www.learnaboutmoneymovement.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.facebook.net *.licdn.com *.silvercloudinc.com code.jquery.com *.gstatic.com cdn.jsdelivr.net js.adsrvr.org js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net www.dinkytown.net cucalc.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' integration.silvercloudinc.com *.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1 report-uri https://www.yelp.com/csp_report_only?id=c55abda2f4ff8109&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1711593821; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 script-src 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-uCaLLt5Yscpic8Doz8mxWY7/kY1dCbnS+GmTflB59e0='; base-uri 'self'; report-to csp-endpoint 1 default-src 'self' salesforce.okta.com *.oktacdn.com; connect-src 'self' salesforce.okta.com salesforce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com salesforce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' salesforce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' salesforce.okta.com *.oktacdn.com; frame-src 'self' salesforce.okta.com salesforce-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' salesforce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' salesforce.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://confluence.internal.salesforce.com https://foundation--pie.sandbox.my.salesforce.com https://integration360.lightning.force.com https://powerofus.force.com https://pie-powerofus.usa2s.sfdc-yfeipo.force.com https://org62--62stage2.sandbox.lightning.force.com https://threatcanvas.internal.salesforce.com https://foundation.lightning.force.com https://tc.tm-as-a-service.ast.aws-dev2-uswest2.aws.sfdc.cl https://tabstg.internal.salesforce.com https://foundation.my.site.com https://integration360--i360dev.sandbox.lightning.force.com https://tabdev.internal.salesforce.com https://gus--rakesh.sandbox.lightning.force.com https://spfdev01-supportforce.cs21.force.com https://tabse.internal.salesforce.com https://cichub--stage.sandbox.lightning.force.com https://tabtst.internal.salesforce.com https://mc-00tq6cdjppzlxr9vvx98rqyy1.pub.sfmc-content.com https://foundation--pie.builder.salesforce-communities.com https://supportforce.my.site.com https://supportforce--spfstage.sandbox.my.site.com https://foundation.builder.salesforce-communities.com https://tc.tm-as-a-service.ast-s.aws-esvc1-useast2.aws.sfdc.cl https://sfdc-tab.internal.salesforce.com https://cichub.lightning.force.com https://foundation--pie.my.salesforce.com https://supportforce.force.com https://gus.lightning.force.com https://org62.lightning.force.com https://foundation.my.salesforce.com https://foundation--pie.sandbox.my.site.com 1 "default-src 'self' data: *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in *.tgtag.io *.youtube.com *.abtasty.com *.gstatic.com *.googleapis.com *.amazonaws.com *.powerfront.com; script-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.site.com *.flippingbook.com *.criteo.net *.cquotient.com *.adyen.com *.doubleclick.net *.hotjar.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.paypal.com *.paypalobjects.com *.facebook.net *.googletagmanager.com *.datatoolscloud.net.au *.igodigital.com *.salesforceliveagent.com *.serving-sys.com *.force.com *.tiqcdn.com *.rezdy.com *.polyfill.io *.cloudflare.com *.subscribepro.com *.dwin1.com *.criteo.com *.adnxs.com *.salesforce.com *.wayin.com *.typekit.net *.ooyala.com *.licdn.com *.getwisp.co *.omneo.io *.vimeo.com *.formstack.com *.thefork.com.au *.resy.com *.tealiumiq.com *.yimg.com *.go2cloud.org *.adobe.com *.cloudfront.net *.sc-static.net sc-static.net *.adsrvr.org *.googleoptimize.com *.googleanalytics.com *.bing.com *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in *.onelink-edge.com *.inside-graph.com *.fouanalytics.com *.tgtag.io *.youtube.com *.byspotify.com *.abtasty.com *.tryzens.com *.powerfront.com blob:; style-src 'self' data: 'unsafe-inline' 'unsafe-hashes' *.site.com *.adyen.com *.googleapis.com *.force.com *.omneo.io *.subscribepro.com *.datatoolscloud.net.au *.salesforceliveagent.com *.ooyala.com *.formstack.com *.thefork.com.au *.go2cloud.org *.sc-static.net *.google.com *.google-analytics.com *.bing.com *.facebook.com *.google.com.au *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.google.co.in *.inside-graph.com *.fouanalytics.com *.tgtag.io *.youtube.com *.byspotify.com *.abtasty.com *.gstatic.com *.powerfront.com; img-src 'self' data: *.penfolds.com *.site.com *.cloudfront.net *.flippingbook.com *.adyen.com *.doubleclick.net *.facebook.com *.adform.net *.mediavine.com *.postrelease.com *.360yield.com *.twiago.com *.adscale.de *.1rx.io *.meba.kr *.rubiconproject.com *.aralego.com *.daum.net *.adsrvr.org *.dotomi.com *.contextweb.com *.admixer.co.kr *.adsymptotic.com *.smrtb.com *.bnmla.com *.tpmn.co.kr *.zemanta.com *.stackadapt.com *.kakao.com *.toast.com *.outbrain.com *.addthis.com *.gstatic.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bidswitch.net *.salesforce.com *.googletagmanager.com *.googleapis.com *.paypal.com *.mookie1.com *.igodigital.com *.adnxs.com *.googleadservices.com *.zenaps.com *.placeholder.com *.facebook.net *.3lift.com *.ad-stir.com *.adtdp.com *.advertising.com *.bing.com *.casalemedia.com *.clmbtech.com *.criteo.com *.dmxleo.com *.ivitrack.com *.mgid.com *.omnitagjs.com *.pubmatic.com *.rlcdn.com *.sharethrough.com *.smartadserver.com *.socdm.com *.stickyadstv.com *.taboola.com *.tapad.com *.yahoo.com *.yieldmo.com *.dable.io *.adingo.jp *.gssprt.jp *.microad.jp *.demandware.net *.media.net *.openx.net *.smaato.net *.smartclip.net *.yieldlab.net *.teads.tv *.ants.vn *.adswizz.com *.serving-sys.com *.unsplash.com *.typekit.net *.linkedin.com *.vimeocdn.com *.hotjar.com *.mathtag.com *.tealiumiq.com *.yimg.com *.go2cloud.org *.tpc.googlesyndication.com *.stats.g.doubleclick.net *.inside-graph.com *.fouanalytics.com *.tgtag.io *.youtube.com *.abtasty.com *.amazonaws.com *.powerfront.com blob:; font-src 'self' data: *.site.com *.sfdcstatic.com *.gstatic.com *.typekit.net *.hotjar.com *.ooyala.com *.formstack.com *.go2cloud.org *.inside-graph.com *.fouanalytics.com *.byspotify.com *.abtasty.com *.googleapis.com *.powerfront.com blob:; connect-src 'self' *.site.com *.analytics.google.com analytics.google.com *.flippingbook.com *.hotjar.com *.hotjar.io *.serving-sys.com *.paypal.com *.tryzens-analytics.com:12280 *.tryzens-analytics.com:12443 *.google-analytics.com *.googleapis.com *.tealiumiq.com *.facebook.net *.demandware.net *.ooyala.com *.getomneo.com *.force.com wss: *.yimg.com *.adobe.io *.snapchat.com *.onelink-edge.com *.inside-graph.com *.fouanalytics.com *.youtube.com *.byspotify.com *.abtasty.com https://google.com *.google.com *.adyen.com *.powerfront.com; frame-src 'self' *.adsrvr.org *.vintagejournal.co *.doubleclick.net *.paypalobjects.com *.adyen.com *.hotjar.com *.facebook.com *.criteo.net *.paypal.com *.google.com *.force.com *.rezdy.com *.matterport.com *.criteo.com *.vimeo.com *.wayin.com *.typekit.net *.ooyala.com *.snazzymaps.com https://snazzymaps.com *.spotify.com *.exacttarget.com *.sfmc-content.com *.thefork.com.au *.lafourchette.com *.resy.com vimeo.com *.serving-sys.com *.flipsnack.com *.adobe.com *.opinionstage.com *.cloudfront.net *.penfolds.com *.snapchat.com *.bing.com *.inside-graph.com *.fouanalytics.com *.youtube.com *.byspotify.com *.abtasty.com *.gstatic.com *.googleapis.com *.amazonaws.com *.powerfront.com; worker-src 'self' blob: *.datatoolscloud.net.au *.adyen.com *.cloudflare.com *.cquotient.com *.dwin1.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.igodigital.com *.licdn.com *.paypal.com *.paypalobjects.com *.rezdy.com *.salesforceliveagent.com *.serving-sys.com *.tiqcdn.com *.polyfill.io *.doubleclick.net *.facebook.net 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.getwisp.co *.criteo.com *.subscribepro.com *.youtube.com *.powerfront.com;; report-uri https://289r1hnfc9.execute-api.eu-west-1.amazonaws.com/prod/tweau-cspdata; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net analytics.google.com www.google.ca www.google.co.in *.clarity.ms c9rr8q7a5h.kameleoon.eu discoverflow.co www.google.com.vc static.scarabresearch.com www.google.nl na-data.kameleoon.io *.twitter.com www.googletagmanager.com recommender.scarabresearch.com *.gstatic.com *.facebook.com *.hotjar.com analytics.discoverflow.co static.katalon.com cdn.scarabresearch.com www.google.dm storerocket.io www.google.com pvev5nmsdp.kameleoon.eu api.mapbox.com udc-neb.kampyle.com cdn.storerocket.io embed.binkies3d.com *.quantummetric.com statin.lat store-stats.cwpweb.cc www.google.tt ogudghp8be.kameleoon.eu adservice.google.com *.googleapis.com nebula-cdn.kampyle.com t.co www.google.com.br 9jo4x7j80d.kameleoon.eu www2.discoverflow.co www.google-analytics.com m06p2cs2rp.kameleoon.eu www.google.com.pa lla-cms-prod.directus.app cro.movil.pa *.ads-twitter.com data.kameleoon.io www.google.co.uk kip.katalon.com ssl.google-analytics.com static.kameleoon.com www.google.gy www.google.com.co webchannel-content.eservice.emarsys.net *.facebook.net cdnjs.cloudflare.com www.google.com.jm metrics.hotjar.io www.googleoptimize.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' *.doubleclick.net try.abtasty.com get.geojs.io; child-src 'self' blob:; connect-src 'self' cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com *.contentsquare.net connect.facebook.net resources.xg4ken.com *.tradelab.fr ib.adnxs.com *.googleadservices.com ad.avtm.fr *.google.com.ua *.cardinalcommerce.com *.online-metrix.net *.fastlylb.net *.facebook.com *.execute-api.us-east-1.amazonaws.com *.google.nl *.metaffiliation.com *.wonderpush.com *.analytics.google.com googleads.g.doubleclick.net static.criteo.net *.criteo.com *.internetpluspro.orange-business.com *.cedexis-radar.net *.google.com *.doubleclick.net *.abtasty.com ipinfo.io *.gstatic.com *.usabilla.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com sgtm.adagio-city.com *.pinterest.com get.geojs.io analytics.tiktok.com *.nr-data.net *.posthog.com *.us-east-1.amazonaws.com *.kontorolabs.com https://www.google-analytics.com https://www.googletagmanager.com; font-src *; frame-src 'self' *.wpc.alphacdn.net *.cedexis-test.com *.doubleclick.net *.criteo.com static.addtoany.com *.google.com *.youtube.com my.matterport.com *.citrix-itm-test.com *.internetpluspro.orange-business.com *.azioncdn.net *.facebook.com *.criteo.net *.fbcdn.net *.citm-test.com *.cardinalcommerce.com *.online-metrix.net *.bitgravity.com cedexis-test.gcorelabs.com *.contentsquare.net csxd.all.accor.com csxd.mag-adagio.com ct.pinterest.com *.adagio-city.com; img-src * data:; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' adagio.nonce cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com ssl.google-analytics.com *.contentsquare.net connect.facebook.net resources.xg4ken.com *.tradelab.fr ib.adnxs.com *.googleadservices.com googleads.g.doubleclick.net *.criteo.net *.criteo.com *.internetpluspro.orange-business.com *.cedexis-radar.net *.google.com *.doubleclick.net *.abtasty.com ipinfo.io *.gstatic.com *.usabilla.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com ad.avtm.fr *.google.com.ua *.google.de *.cardinalcommerce.com *.elitrack.com *.metaffiliation.com *.wonderpush.com https://cdn.jsdelivr.net https://static.addtoany.com https://try.abtasty.com staticaws.fbwebprogram.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' cdn.cookielaw.org maps.googleapis.com *.googletagmanager.com *.cedexis.com *.google-analytics.com *.contentsquare.net connect.facebook.net resources.xg4ken.com *.tradelab.fr ib.adnxs.com *.googleadservices.com googleads.g.doubleclick.net *.criteo.net *.criteo.com *.internetpluspro.orange-business.com *.cedexis-radar.net *.google.com *.doubleclick.net *.abtasty.com ipinfo.io *.gstatic.com *.usabilla.com a-cedexis.msedge.net *.onetrust.com *.fastlyb.net swrap.tradedoubler.com ad.avtm.fr *.google.com.ua *.cardinalcommerce.com *.online-metrix.net *.quantserve.com *.quantcount.com *.elitrack.com *.metaffiliation.com *.wonderpush.com s.pinimg.com cdn.jsdelivr.net try.adtasty.com *.pinimg.com *.adagio-city.com analytics.tiktok.com *.newrelic.com *.posthog.com https://cdn.jsdelivr.net https://static.addtoany.com https://try.abtasty.com staticaws.fbwebprogram.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline'; frame-ancestors 'self' 1 font-src data: *.gstatic.com oct8necdneu.azureedge.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.oct8ne.com *.marvimundo.es *.marvimundo.com *.asesorcoloracion.es *.asesordecuidado.es *.diadermine.es *.ekomi.es *.jebbit.com *.reskyt.com *.cookiebot.com *.facebook.com *.doubleclick.net *.sequrapi.com https://sandbox.sequracdn.com https://live.sequracdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.ggpht https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ekomiapps.de *.facebook.com cdn.doofinder.com *.clarity.ms *.rawgit.com *.jsdelivr.net *.bing.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad https://sandbox.sequracdn.com https://live.sequracdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.connectif.cloud polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.newrelic.com *.facebook.net *.facebook.com *.clarity.ms *.doofinder.com *.googlesyndication.com *.nr-data.net *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com *.hotjar.com https://sandbox.sequracdn.com https://live.sequracdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com https://static.klaviyo.com *.ekomiapps.de *.doofinder.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.ekomiapps.de *.cloudflare.com *.cloudflareinsights.com *.cookiebot.com *.newrelic.com *.doofinder.com wss://*.doofinder.com *.clarity.ms *.connectif.cloud *.googlesyndication.com *.nr-data.net *.facebook.com *.doubleclick.net *.google.sm *.google.sk *.google.si *.google.se *.google.rs *.google.ro *.google.pt *.google.pl *.google.no *.google.me *.google.lv *.google.lu *.google.lt *.google.li *.google.it *.google.is *.google.ie *.google.hu *.google.hr *.google.gr *.google.fr *.google.fi *.google.ee *.google.de *.google.cz *.google.com.ua *.google.com.mt *.google.com.gi *.google.co.uk *.google.ch *.google.bg *.google.be *.google.at *.google.ad *.sequrapi.com eu1-search.doofinder.com https://sandbox.sequracdn.com https://live.sequracdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.typekit.net fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.adidas.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.amasty.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.livechatinc.com cdn.dnky.co youtube.com www.youtube.com *.hotjar.com *.google.com www.facebook.com *.trustpilot.com *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.yieldify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.livechatinc.com www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.adidas.com *.assets.adidas.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.livechatinc.com google.com www.google.com gstatic.com www.gstatic.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.amasty.com *.paypal.com *.avada.io *.yotpo.com *.queue-it.net *.cloudflareinsights.com *.yieldify.com *.ddlnk.net debug-tracking.dotdigital.internal s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.assets.adidas.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ws: *.livechatinc.com commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.zendesk.com *.nr-data.net *.amasty.com *.vimeo.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com *.trackedlink.net *.trackedweb.net ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-CcQkedPDQ8AvFKeG1Gow31x7CexCaQkromOaosO1cZY='; base-uri 'self';report-to csp-endpoint 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: fonts.googleapis.com https://*.klarnacdn.net *.fontawesome.com *.bugherd.com *.cloudfront.net *.klarnacdn.net https://www.oka.com/media/fonts/Segma-Black.woff2 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.salesforce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://photos.pixlee.co https://photos.pixlee.com https://www.googletagmanager.com/ *.krxd.net *.criteo.com *.facebook.com *.oka.com *.hotjar.com *.pinterest.com *.flashtalking.com *.clarity.ms *.doubleclick.net *.quantserve.com *.wistia.com *.paypalobjects.com *.user1st.info *.vimeo.com *.addthis.com *.spotify.com *.getfeedback.com https://pay.google.com/ www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.gstatic.com https://d1fd8aj8bhyfe9.cloudfront.net https://cdn-ukwest.onetrust.com https://img.youtube.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.co.uk *.google.com *.linksynergy.com *.krxd.net *.postcodeanywhere.co.uk *.linkedin.com *.bing.com *.pinterest.com *.facebook.com *.atdmt.com *.doubleclick.net *.cloudfront.net *.rubiconproject.com *.bidswitch.net *.pubmatic.com *.360yield.com *.media.net *.teads.tv *.yieldmo.com *.3lift.com *.openx.net *.smaato.net *.advertising.com *.outbrain.com *.yahoo.com *.tapad.com *.aboola.com *.mediawallahscript.com *.casalemedia.com *.mgid.com *.addthis.com *.igodigital.com *.hotjar.com *.usehero.com *.amazonaws.com *.adsymptotic.com *.clarity.ms *.oka.com *.quantserve.com *.akamaihd.net *.wistia.com *.alocdn.com *.tvsquared.com *.googletagmanager.com https://polaris.truevaultcdn.com www.xtento.com cdn.xtento.com https://redchamps.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.attn.tv events.attentivemobile.com https://*.klarnaservices.com s7.addthis.com https://party11141.pcapredict.com https://suite56.emarsys.net https://assets.pxlecdn.com https://region1.analytics.google.com https://register.feefo.com https://js-agent.newrelic.com https://bam.nr-data.net https://services.postcodeanywhere.co.uk https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://ajax.cloudflare.com https://cdn.noibu.com https://client.prod.mplat-ppcprotect.com https://okadev-1.store.advancedcommerce.services/graphenehc.js player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.rakuten.com *.onetrust.com *.krxd.net *.usehero.com *.newrelic.com *.nr-data.net *.online-metrix.net *.pcapredict.com *.postcodeanywhere.co.uk *.criteo.net *.criteo.com *.bugherd.com *.cloudfront.net *.licdn.com *.pinimg.com *.bing.com *.facebook.net *.oka.com *.igodigital.com *.hotjar.com *.pinterest.com *.clarity.ms *.doubleclick.net *.quantserve.com *.quantcount.com *.wistia.com *.user1st.info *.tvsquared.com *.googleoptimize.com *.klarnaservices.com *.addthis.com *.addthisedge.com *.moatads.com *.getfeedback.com https://polaris.truevaultcdn.com https://static.cloudflareinsights.com www.xtento.com cdn.xtento.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://*.klarnacdn.net https://register.feefo.com https://services.postcodeanywhere.co.uk *.fontawesome.com *.postcodeanywhere.co.uk *.cloudfront.net *.klarnacdn.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.usehero.com *.oka.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com *.attn.tv events.attentivemobile.com https://*.klarnaservices.com ekr.zdassets.com/ https://party11141.pcapredict.com https://suite56.emarsys.net https://assets.pxlecdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://register.feefo.com https://inbound-analytics.pixlee.com https://pce.afd.co.uk https://bam.nr-data.net https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://region1.google-analytics.com https://click.prod.mplat-ppcprotect.com https://okadev-1.store.advancedcommerce.services/graphenehc.js http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.adobedtm.com *.onetrust.com *.usehero.com *.nr-data.net *.doubleclick.net *.postcodeanywhere.co.uk *.bugsnag.com *.pusherapp.com *.googleapis.com *.pinterest.com *.bugherd.com *.hotjar.com *.hotjar.io http://*.hotjar.com:* wss://*.hotjar.com *.oka.com *.clarity.ms *.akamaihd.net *.wistia.com *.litix.io *.paypal.com *.vimeo.com *.klarnaservices.com https://js.klarna.com/ https://js.playground.klarna.com/ *.cardinalcommerce.com *.bing.com https://location.truevaultcdn.com https://okadev-1.store.advancedcommerce.services https://oka-1.store-uk1.advancedcommerce.services https://oka.tracking-uk1.advancedcom https://www.google.com https://px.ads.linkedin.com https://r.lr-intake.com https://pay.google.com/ data: t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.dpm.demdex.net/ *.js-agent.newrelic.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net cdn.cookielaw.org origin.acuityplatform.com knrpc.olark.com www.google.com *.demdex.net sync.1rx.io cdn.uplift.com loadm.exelator.com e.acuityplatform.com *.googlesyndication.com api.olark.com www.googletagmanager.com pm-mrkt.uplift.com client-api.auryc.com cdn.auryc.com travel-img.s3.amazonaws.com cdn.optinly.net my.hellobar.com www.cloudflare.com h.plerdy.com *.2o7.net six.cdn-net.com adservice.google.com www.uplift-platform.com www.globalmediaserver.com *.facebook.com image2.pubmatic.com *.bluekai.com *.omtrdc.net *.adsrvr.org static.olark.com s.ad.smaato.net pixel.tapad.com cdn.ywxi.net travel-img-assets.s3-us-west-2.amazonaws.com idsync.rlcdn.com www.google-analytics.com bam.nr-data.net d.plerdy.com *.cloudfront.net s3-us-west-2.amazonaws.com images.scanalert.com cdn.uplift-platform.com *.gstatic.com pixel.advertising.com analytics.google.com mt.auryc.com s3.amazonaws.com a.plerdy.com cdn.subscribers.com wss://d.plerdy.com *.everesttech.net www.google.ca www.redtag.ca sync.crwdcntrl.net redtag-ca.s3.amazonaws.com *.googleapis.com rum-static.pingdom.net bat.bing.com rum-collector-2.pingdom.net assets.adobedtm.com *.agkn.com log.olark.com static.optinly.net *.facebook.net *.bidswitch.net www.imgserver.ca www.cdn-net.com js-agent.newrelic.com maxcdn.bootstrapcdn.com fei.pro-market.net *.admanmedia.com itravel2000.s3.amazonaws.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.zipmoney.com.au *.iyzipay.com *.gstatic.com *.cloudfront.net *.zip.co *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.euw2.pure.cloud *.adyen.com *.brightcove.net *.salecycle.com *.tradedoubler.com *.pure.cloud 'self' 'unsafe-inline';img-src *.s3.amazonaws.com *.dyson.lv *.zipmoney.com.au *.boldchat.com *.mktgcdn.com *.dyson.vn *.afterpay.com *.euw2.pure.cloud *.facebook.com *.adyen.com *.assetsadobe2.com *.zip.co *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.dyson.com.ro *.bazaarvoice.com *.omtrdc.net *.yahoo.net *.googletagmanager.com *.brightcove.com *.boltdns.net *.dyson.co.uk data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.bambuser.com *.boldchat.com *.queue-it.net *.dyson.lv *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.afterpay.com *.googletagmanager.com *.go-mpulse.net *.facebook.net *.brightcove.net *.amazonaws.com *.salecycle.com *.riskified.com *.zencdn.net *.zipmoney.com.au *.zip.co *.pure.cloud blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.amazonaws.com *.googleapis.com *.optimizely.com *.checkout.com *.zip.co 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.dyson.lv *.akstat.io *.boldchat.com wss://websocket.bold360.com *.google.com *.demdex.net wss://webmessaging.euw2.pure.cloud *.nanorep.co *.nr-data.net *.adyen.com *.cloudfront.net *.amazonaws.com *.newrelic.com *.omtrdc.net *.bazaarvoice.com *.go-mpulse.net *.google-analytics.com *.salecycle.com *.doubleclick.net *.zip.co *.riskified.com *.zipmoney.com.au *.pure.cloud *.brightcove.com *.boltdns.net *.akamaihd.net 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; img-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com secure.gravatar.com; 1 font-src *.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://a.klaviyo.com *.listrakbi.com maps.gstatic.com *.ggpht store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.listrakbi.com https://static-tracking.klaviyo.com https://ipinfo.io maps.googleapis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.listrakbi.com *.fontawesome.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://fast.a.klaviyo.com https://a.klaviyo.com https://ipinfo.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.stackpathcdn.com docker.intra.macron.com:* login.macron.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.facebook.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.google.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com www.youtube.com docker.intra.macron.com:* login.macron.com *.criteo.com *.facebook.com *.hotjar.io *.hotjar.com https://store.plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.adyen.com data: maps.googleapis.com maps.gstatic.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com www.google.it www.google.com www.facebook.com *.stackpathcdn.com i.ytimg.com *.amasty.com placehold.it *.cdninstagram.com docker.intra.macron.com:* login.macron.com *.yandex.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.google.com www.gstatic.com chimpstatic.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.google-analytics.com *.googletagmanager.com *.newrelic.com *.nr-data.net connect.facebook.net *.doubleclick.net *.stackpathcdn.com player.vimeo.com docker.intra.macron.com:* login.macron.com mc.yandex.ru *.criteo.net *.criteo.com *.hotjar.io *.hotjar.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.stackpathcdn.com docker.intra.macron.com:* login.macron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.doubleclick.net www.google-analytics.com *.nr-data.net *.stackpathcdn.com *.instagram.com docker.intra.macron.com:* login.macron.com mc.yandex.ru vimeo.com *.facebook.com *.hotjar.io *.hotjar.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-dca_H0KT3liZ1cJ1jGqRbA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ https://www.youtube.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com www.googletagmanager.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.artefacta.com/pr-csp/report/add/; report-to report-endpoint; 1 default-src 'self' *.viabenefits.com; script-src 'self' *.viabenefits.com *.cobrowse.pega.com polyfill.io *.fullstory.com www.googletagmanager.com *.qualtrics.com *.comm100.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.viabenefits.com *.cobrowse.pega.com 'unsafe-inline'; connect-src 'self' *.viabenefits.com *.fullstory.com *.qualtrics.com *.comm100.io *.launchdarkly.com *.services.visualstudio.com *.applicationinsights.azure.com cdn.jsdelivr.net www.google-analytics.com; img-src 'self' *.viabenefits.com *.qualtrics.com media.umbraco.io i.vimeocdn.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-lvMZxM52ted0-ei3DAViTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com js.stripe.com https://assets.moip.com.br c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com js.stripe.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.doubleclick.net/ *.paypal.com *.vimeo.com *.demdex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com *.mailchimp.com gallery.mailchimp.com *.gstatic.com *.google.com *.google.it *.googleapis.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.vimeo.com *.googletagmanager.com *.paypal.com *.paypalobjects.com *.demdex.net *.amazonaws.com *.swagger.io *.ytimg.com *.doubleclick.net *.magentocommerce.com *.adobe.com *.everesttech.net *.omtrdc.net *.adobedtm.com *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.adobedtm.com *.googleadservices.com *.google.com *.doubleclick.net *.googletagmanager.com *.paypal.com *.paypalobjects.com *.googleapis.com *.vimeo.com *.chimpstatic.com *.mailchimp.com *.addthis.com *.bing.com *.hotjar.com *.facebook.net *.iubenda.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.iubenda.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.demdex.net *.omtrdc.net *.google-analytics.com *.googleadservices.com *.google.com *.googletagmanager.com *.vimeo.com *.paypal.com *.paypalobjects.com *.zdassets.com *.googleapis.com *.youtube.com https://maps.googleapis.com https://fonts.googleapis.com *.doubleclick.net *.hotjar.com *.iubenda.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.onlinegames22.com m.pgf-thzvvo.com *.googleapis.com *.gstatic.com update.waspadfpj.com lobby.gold88dragon.com m.pgf-thek63.com cdn.dcloud.net.cn gameweb.rsgaming888.com wss://wss.waspzf.com api-www.wasptha.com www.recaptcha.net wbgame.bd33fgabh.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.portmone.com.ua https://td.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://www.google.ca/pagead https://www.google.ca/pagead/1p-user-list/ https://www.google.ca/ads/ga-audiences www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com *.googletagmanager.com *.google-analytics.com www.portmone.com.ua https://connect.facebook.net https://www.google.ca/pagead/1p-user-list/ https://www.google.ca/ads/ga-audiences https://tools.luckyorange.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn.bitrix24.ua yaposhka.bitrix24.ua 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.googletagmanager.com *.google-analytics.com unsafe-inline cdn.bitrix24.ua yaposhka.bitrix24.ua 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googleadservices.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net gate.portmone.com.ua https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://stats.g.doubleclick.net https://tools.luckyorange.com https://settings.luckyorange.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Fn7j9lWjDDpSZ9a1a2eW4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.cz https://www.myheritage.cz 'unsafe-eval' 'nonce-4487875ff9afe39fe91ce599ff9ef3c9' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.cz;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 font-src https://fonts.gstatic.com *.cloudflare.com *.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://0merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com static.addtoany.com *.addthis.com *.cookiebot.com *.criteo.com *.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: https://maps.google.com https://maps.gstatic.com *.facebook.com *.google.it *.bidswitch.net *.doubleclick.net *.criteo.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.ups.analytics.yahoo.com *.adform.net *.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com/ *.outbrain.com *.pubmatic.com *.tremorhub.com *.yieldlab.net *.krxd.net *.thebrighttag.com *.cookiebot.com *.googleapis.com *.gstatic.com *.bird.eu https://cdn.clerk.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com https://maps.google.com https://maps.googleapis.com static.addtoany.com connect.facebook.net *.addthis.com *.moatads.com *.addthisedge.com *.cookiebot.com *.criteo.com *.gestpay.net *.dwin1.com *.hotjar.com *.sella.it *.roeyecdn.com *.googleapis.com *.gstatic.com https://api.clerk.io https://cdn.clerk.io *.google.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://www.gstatic.com *.cloudflare.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.addtoany.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://maps.googleapis.com *.addthis.com *.googleapis.com *.doubleclick.net *.cookiebot.com *.google-analytics.com *.google.com *.criteo.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ data: *.core.windows.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ https://www.facebook.com/ https://almaceneselrey.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.core.windows.net https://maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://connect.facebook.net/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.core.windows.net https://maps.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://credomatic.compassmerchantsolutions.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://secure.networkmerchants.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ unsafe-inline assets.braintreegateway.com *.core.windows.net https://maps.gstatic.com secure.nmi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.core.windows.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://credomatic.compassmerchantsolutions.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://www.facebook.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://static.cloudflareinsights.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.core.windows.net https://maps.gstatic.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1 base-uri 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubbc97f311fa4b760aa9d5cff03790e285&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=production; font-src 'self' fast.fonts.net fonts.gstatic.com *.fontawesome.com d2m21dzi54s7kp.cloudfront.net cdnjs.cloudflare.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' d2m21dzi54s7kp.cloudfront.net *.googletagmanager.com *.addthis.com *.addthisedge.com *.informz.net *.adroll.com *.snapengage.com *.bugherd.com *.facebook.com *.bootstrapcdn.com cdnjs.cloudflare.com polyfill.io *.moatads.com *.fontawesome.com *.google-analytics.com *.licdn.com *.googleapis.com *.facebook.net; media-src 'self'; object-src 'self' 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com *.personalizer.ai data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.vimeo.com script.crazyegg.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klevu.com *.ksearchnet.com *.personalizer.ai *.eplaneta.ha.rs *.eplaneta.rs *.google.hr *.google.rs script.crazyegg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.klevu.com *.ksearchnet.com *.klevu.com *.personalizer.ai *.platforma-microservices.loc platforma-microservices.loc script.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klevu.com *.ksearchnet.com *.personalizer.ai script.crazyegg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klevu.com *.ksearchnet.com *.personalizer.ai *.zsdevelopment.com *.platforma-microservices.loc platforma-microservices.loc *.remiks.com *.eplaneta.rs *.google.hr *.google.rs *.doubleclick.net script.crazyegg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-K2RwlQ_5tySH-ltartH1tQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-fTot8PWNoSuRB7czzajvHA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 style-src 'self' *.cloudflare.com 'unsafe-hashes' 'unsafe-inline' 'nonce-9AjZGf29PMB+1FyXeSs5dQ=='; report-uri /nelmio/csp/report 1 font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.bitrix24.es *.facebook.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.doubleclick.net/ https://rum-static.pingdom.net/ https://11469910.fls.doubleclick.net/ https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.facebook.com *.bitrix24.es *.facebook.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://kalicr.com https://www.google.co.cr/ https://11469910.fls.doubleclick.net/ *.google.com *.facebook.com https://connect.facebook.net/ https://www.tiendasekono.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.syteapi.com *.facebook.net *.google.co.cr *.bitrix24.es *.tiendasekono.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://googletagmanager.com/ https://www.googletagmanager.com/ data: https://cdn.frizbit.com/ https://rum-static.pingdom.net/ *.smartlook.com/ *.facebook.com https://www.gstatic.com/ https://www.google.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.syteapi.com *.bitrix24.es *.pingdom.net *.facebook.net *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.fontawesome.com unsafe-inline assets.braintreegateway.com *.bitrix24.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: https://manager.eu.smartlook.cloud/ https://rum-collector-2.pingdom.net/ https://analytics.google.com/ https://www.yotpo.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com syteapi.com *.syteapi.com *.facebook.com *.pingdom.net *.bitrix24.es *.facebook.net *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-FYdD1pEW_NUVg1C1rc7iAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self'; object-src 'self'; report-uri /cspreportonly; 1 font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.cardinalcommerce.com *.paypal.com www.facebook.com plumrocket.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com paypal.com https://maps.google.com/ bid.g.doubleclick.net *.authorize.net *.paypal.com google.com googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.braintreegateway.com *.google.com plumrocket.com accounts.google.com xtento.com www.facebook.com vars.hotjar.com tsdtocl.com bakedbymelissa.secure.force.com tst.kaptcha.com *.optimizely.com ct.pinterest.com creatives.attn.tv https://plumrocket.com https://accounts.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.bakedbymelissa.com m2prod.bakedbymelissa.com *.demdex.net googleadservices.com google-analytics.com paypal.com *.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cloudinary.com *.cloudinary.com *.stats.paypal.com xtento.com cdn.xtento.com self unsafe-inline *.googleadservices.com *.google-analytics.com paypalobjects.com px.ads.linkedin.com *.klaviyo.com fast.a.klaviyo.com *.taboola.com *.bing.com *.twitter.com idsync.rlcdn.com *.google.com *.google.co.in *.clarity.ms facebook.com *.pinterest.com *.adroll.com cm.g.doubleclick.net dsum-sec.casalemedia.com *.bidswitch.net *.rubiconproject.com *.openx.net *.advertising.com *.outbrain.com *.pubmatic.com *.yahoo.com *.3lift.com *.adnxs.com *.eb2.3lift.com *.inspectlet.com t.co *.youtube.com www.facebook.com sealserver.trustwave.com www.trustlogo.com maps.gstatic.com maps.googleapis.com services.postcodeanywhere.co.uk secure.trust-provider.com www.linkedin.com p.adsymptotic.com segments.company-target.com testgvbgjbhjb.com assets.codepen.io google.com www.fitnesspark.fr gwiq-v3.globalwebindex.net platform.rtbiq.com adventori.com sync.im-apps.net uipglob.semasio.net nxtck.com zdbb.net ds.reson8.com track.linksynergy.com googleads.g.doubleclick.net pippio.com tags.rd.linksynergy.com sync.mathtag.com match.adsrvr.org s.amazon-adsystem.com usermatch.krxd.net beacon.krxd.net tags.bluekai.com gum.criteo.com idsync.reson8.com sync-tm.everesttech.net loadm.exelator.com ads.scorecardresearch.com d.turn.com pm.w55c.net lrpush.apxlv.com gpush.cogocast.net adadvisor.net p.rfihub.com bcp.crwdcntrl.net beacon.walmart.com www.googletagmanager.com um.simpli.fi d7881004885063302109-t7648079750282670895.id.amgdgt.com *.id.amgdgt.com pixel.sitescout.com lrp.mxptint.net sync.srv.stackadapt.com rtb.adentifi.com match.prod.bidr.io cw.addthis.com sync.ipredictive.com sync.tidaltv.com x.dlx.addthis.com pixel.tapad.com epiv.cardlytics.com aa.agkn.com www.entitytag.co.uk ads.avocet.io rtb-csync.smartadserver.com px.owneriq.net bttrack.com pixel.spotify.com usersync-b3.videoamp.com ssum.casalemedia.com ads.undertone.com evt.undertone.com a.tribalfusion.com *.tribalfusion.com s.tribalfusion.com dps.admission.net ps.eyeota.net pxl.jivox.com cs.choozle.com ml314.com seg.sharethis.com mpp.vindicosuite.com liveramp2waycm-atl.netmng.com global.ib-ibi.com odr.mookie1.com dp-sync.dotomi.com pixel.prfct.co crb.kargo.com su.addthis.com aorta.clickagy.com d.agkn.com stags.bluekai.com sync.crwdcntrl.net u.fg8dgt.com fzlnk.com ums.acuityplatform.com synchroscript.deliveryengine.adswizz.com apolloprogram.io sync.smartadserver.com www.storygize.net mmtro.com live.rezync.com wam.solution.weborama.fr p.tvpixel.com img.webmd.com sync.1rx.io sync.targeting.unrulymedia.com cm.ctnsnet.com t.myvisualiq.net tag.clrstm.com dp2.33across.com fei.pro-market.net vop.sundaysky.com load.instinctiveads.com b1sync.zemanta.com ag.innovid.com cm.adgrx.com cm.eyereturn.com x.skimresources.com track2.securedvisit.com cmi.netseer.com c.us1.dyntrk.com secure.insightexpressai.com services.xg4ken.com magnetic.t.domdex.com sync.mediawallahscript.com action.media6degrees.com jadserve.postrelease.com p.mmsho.com trkn.us io.narrative.io pt.ispot.tv www.totaljobs.com prod.y-medialink.com soundwave.bnmla.com dsp.adfarm1.adition.com fr.shopping.rakuten.com/ player.inu.la fksnk.com tg.socdm.com alb.reddit.com https://img.youtube.com www.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.pcapredict.com *.adobedtm.com *.authorize.net *.queue-it.net *.hotjar.com googleadservices.com google-analytics.com *.google-analytics.com paypalobjects.com paypal.com *.braintreegateway.com *.ytimg.com googleapis.com gstatic.com *.cardinalcommerce.com googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klaviyo.com fast.a.klaviyo.com cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.trackedlink.net *.trackedweb.net webchat.dotdigital.com cdn.dnky.co s7.addthis.com google.com https://accounts.google.com xtento *.xtento self unsafe-inline unsafe-eval *.adroll.com static.ads-twitter.com snap.licdn.com/ static.zdassets.com *.pinimg.com *.bing.com cdn.attn.tv *.facebook.net cdn.pdst.fm *.taboola.com analytics.tiktok.com *.liadm.com tag.rmp.rakuten.com googleads.g.doubleclick.net ut.rd.linksynergy.com *.inspectlet.com tags.crwdcntrl.net clarity.ms *.clarity.ms facebook.com www.trustlogo.com sealserver.trustwave.com services.postcodeanywhere.co.uk maps.googleapis.com button.aftership.com secure.trust-provider.com ws.zoominfo.com static.cloudflareinsights.com widget-mediator.zopim.com *.optimizely.com www.redditstatic.com https://www.gstatic.com www.xtento.com cdn.xtento.com js-agent.newrelic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline https://static.klaviyo.com services.postcodeanywhere.co.uk use.fontawesome.com https://accounts.google.com https://www.gstatic.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klaviyo.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cdn.swellrewards.com cloudinary.com *.cloudinary.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com *.braintreegateway.com self unsafe-inline google-analytics.com sandbox.paypal.com paypalobjects.com accounts.google.com *.bakedbymelissa.com *.cloudfunctions.net *.liadm.com *.g.doubleclick.net *.pinterest.com *.taboola.com *.clarity.ms bakedbymelissa.zendesk.com m2staging.bakedbymelissa.com wss://widget-mediator.zopim.com wss://ws.inspectlet.com *.inspectlet.com d.adroll.com *.crwdcntrl.net/6/map analytics.tiktok.com services.postcodeanywhere.co.uk maps.googleapis.com *.hotjar.com wss://ws29.hotjar.com ekr.zendesk.com bakedbymelissa.attn.tv events.attentivemobile.com bat.bing.com ws7.hotjar.com vc.hotjar.io wss://ws9.hotjar.com wss://*.hotjar.com *.optimizely.com ekr.zdassets.com/ https://accounts.google.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; img-src 'self' https: ; script-src 'self' https: ; style-src 'self'; object-src 'none' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net *.clarity.ms cdn-cookieyes.com *.doubleclick.net files2.cybba.solutions www.google.com *.googlesyndication.com www.googletagmanager.com ib.adnxs.com www.google.de www.googletagservices.com app.cybba.solutions *.gstatic.com *.facebook.net files1.cybba.solutions region1.google-analytics.com www.rtb123.com images.artnet.com news.artnet.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.addtoany.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.loggly.com *.zip.co zip.co *.gstatic.com https://www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.impactcdn.com *.optimonk.com sc-static.net *.snapchat.com *.addtoany.com *.zip.co cdn.jsdelivr.net *.amazonaws.com *.mktoweb.com *.hotjar.com *.newrelic.com https://www.googletagmanager.com tagmanager.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typekit.net tagmanager.google.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.snapchat.com *.optimonk.com *.doubleclick.net *.cloudfront.net *.zip.co zip.co hosted.mastersoftgroup.com *.nr-data.net https://www.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: consentcdn.cookiebot.com *.doubleclick.net tpg.hafas.cloud www.google.ch *.facebook.net *.licdn.com www.google.com www.google.fr *.gstatic.com *.linkedin.com www.tpg.ch acdn.adnxs.com *.googleapis.com ib.adnxs.com analytics.google.com *.facebook.com region1.analytics.google.com www.youtube.com consent.cookiebot.com imgsct.cookiebot.com adservice.google.com www.googletagmanager.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' inform.okta.com *.oktacdn.com; connect-src 'self' inform.okta.com inform-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com inform.kerberos.okta.com inform.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' inform.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' inform.okta.com *.oktacdn.com; frame-src 'self' inform.okta.com inform-admin.okta.com login.okta.com; img-src 'self' inform.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' inform.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-DBz-rYmSp7WMQ4a7bHMsyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: maxcdn.bootstrapcdn.com www.mybalancenow.com geoip-js.com ssl.kaptcha.com *.gstatic.com www.googletagmanager.com images.ctfassets.net js.hcaptcha.com cdn.contentful.com www.google-analytics.com newassets.hcaptcha.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; connect-src 'self' https://static-reflection.netlify.app https://s3.eu-de.cloud-object-storage.appdomain.cloud/static-reflection/ https://more-mirrors.imgix.net https://*.contentinsights.com https://*.smartocto.com https://www.googleapis.com https://attestation.android.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://csi.gstatic.com; font-src 'self'; img-src 'self' https://more-mirrors.imgix.net https://*.contentinsights.com https://i.ytimg.com https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com data:; script-src 'self' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; frame-src https://platform.twitter.com https://www.youtube-nocookie.com https://www.google.com https://tpc.googlesyndication.com https://*.googlesyndication.com; report-uri https://8rwweb66.uriports.com/reports/report; report-to default 1 object-src 'none';base-uri 'self';script-src 'nonce-z0kUu0fH5jm-krbzdpWxGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src maxcdn.bootstrapcdn.com *.fontawesome.com data: *.gstatic.com *.googleapis.com *.acsbapp.com acsbapp.com *.laderach.com laderach.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com www.facebook.com *.adyen.com laderach.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.googletagmanager.com https://plumrocket.com consentcdn.cookiebot.com *.youtube-nocookie.com *.addthis.com *.avada.io *.google.com *.paypal.com *.paypalobjects.com www.facebook.com tpc.googlesyndication.com vars.hotjar.com *.laderach.com *.demdex.net *.youtube.com *.vimeo.com *.doubleclick.net laderach.com policy.app.cookieinformation.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.adyen.com *.gstatic.com https://images.unsplash.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com maps.gstatic.com *.ytimg.com *.vimeocdn.com *.facebook.net *.acsbapp.com *.googleusercontent.com *.googleapis.com *.clarity.ms *.bing.com *.google.de *.google.es *.doubleclick.net *.paypal.com *.paypalobjects.com services.postcodeanywhere.co.uk laderach.isa-test.de www.facebook.com bat.bing.com googletagmanager.com www.googletagmanager.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.laderach.com laderach.com data: https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com consent.cookiebot.com *.addthisedge.com *.addthis.com *.moatads.com acsbapp.com *.acsbapp.com *.doubleclick.net *.google.com *.gstatic.com *.paypalobjects.com *.paypal.com static.addtoany.com lader11112.pcapredict.com services.postcodeanywhere.co.uk checkoutshopper-live.adyen.com g3367433695.co g3565518030.co g6140614385.co g15252493795.co g15450578130.co g15648662465.co *.cloudflare.com tpc.googlesyndication.com static.hotjar.com script.hotjar.com bat.bing.com *.clarity.ms *.laderach.com laderach.com s7.addthis.com *.avada.io https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net policy.app.cookieinformation.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com services.postcodeanywhere.co.uk *.laderach.com laderach.com https://fonts.googleapis.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube-nocookie.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net googletagmanager.com *.addthis.com *.facebook.com facebook.com *.acsbapp.com *.doubleclick.net wss://ws30.hotjar.com *.hotjar.io *.hotjar.com *.googleapis.com metrics.laderach.com *.clarity.ms *.paypal.com services.postcodeanywhere.co.uk bat.bing.com google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.laderach.com laderach.com ekr.zdassets.com/ https://get.geojs.io *.avada.io policy.app.cookieinformation.com consent.app.cookieinformation.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com widget.freshworks.com; style-src 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com use.fontawesome.com widget.freshworks.com; img-src 'self' data: *.climateinteractive.org www.googletagmanager.com www.gstatic.com widget.freshworks.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com; connect-src 'self' www.google-analytics.com widget.freshworks.com climateinteractive.freshdesk.com; child-src www.google.com www.youtube.com app.mapline.com; report-to /csp-reports 1 object-src 'none';base-uri 'self';script-src 'nonce-Dswuuq3m_2pd-4dWCDl8Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; img-src * data: https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' *; frame-src https:; connect-src https:; font-src 'self' https://cdn.segmentify.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-zn4pzYrdU9u1Uv3YyfcKSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'unsafe-inline' 'unsafe-eval' cdn2.hubspot.net *.hubspot.com *.hubspotusercontent10.net js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com cdnjs.cloudflare.com cdnjs.cloudflare.com 10921146.fls.doubleclick.net plausible.io *.hotjar.com *.hotjar.io *.qualified.com bttrack.com *.googletagmanager.com *.force.com *.thycotic.com *.centrify.com *.bidr.io *.rlcdn.cm t.co *.twitter.com burly.io *.clickagy.com *.doubleclck.net *.zoominfo.com lltrck.com facebook.com *.facebook.net *.redditstatic.com *.linkedin.com *.licdn.com *.demandbase.com *.zoominfo.com 'strict-dynamic' 'nonce-QKrLLlm5BYLnK/7HOzGZuA=='; ; 1 object-src 'none';base-uri 'self';script-src 'nonce-icrSylkh8hjvBLr3pLMztg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.gstatic.com ssl.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.newrelic.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.nr-data.net *.hotjar.io *.retailrocket.net cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com *.mobbex.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.amphora-store.com/; report-to report-endpoint; 1 font-src *.alothemes.com *.magepow.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com 'self' data: *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.facebook.com *.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.facebook.net business.facebook.com *.google.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.alothemes.com *.magepow.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com business.facebook.com *.google-analytics.com *.paypal.com api.mercadopago.com tm.filter:* api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://fonts.gstatic.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.sa.gov.au/__data/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.botframework.com/; style-src 'unsafe-inline' https://fonts.googleapis.com/ https://www.sa.gov.au/_design/ https://www.sa.gov.au/__data/assets/css_file/; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net static.addtoany.com www.google-analytics.com *.pinterest.com p.typekit.net app.securiti.ai *.facebook.com *.deltafaucet.com *.igodigital.com *.gstatic.com *.facebook.net cdn-prod.securiti.ai use.typekit.net media.brizo.com brizo.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net bimsmith.com adservice.google.com *.pinimg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-qHlvtUHMXK_sn1shx359gg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' www.google-analytics.com 'unsafe-inline' www.googletagmanager.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com fonts.googleapis.com ssl.google-analytics.com cdn.rawgit.com www.youtube.com player.vimeo.com s.ytimg.com static.addtoany.com maps.googleapis.com www.gstatic.com www.google.com cdn.polyfill.io; object-src 'self' www.youtube.com; style-src 'self' fast.fonts.net 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com tagmanager.google.com cdn.rawgit.com www.youtube.com static.addtoany.com fonts.googleapis.com www.gstatic.com; img-src 'self' ocpsiteprodsa.blob.core.windows.net ocpsitedevsa.blob.core.windows.net ssl.gstatic.com www.gstatic.com www.google-analytics.com static.addtoany.com maps.googleapis.com maps.gstatic.com data:; frame-src www.youtube.com player.vimeo.com www.google.com; frame-ancestors 'self'; child-src www.youtube.com; font-src 'self' fast.fonts.net fonts.gstatic.com; connect-src 'self' www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 default-src 'self'; script-src 'report-sample' 'self' https://acsbapp.com/apps/app/dist/js/app.js https://wordpress.org https://accessibe.com http://www.w3.org/ https://connect.facebook.net/en_US/fbevents.js https://maps.googleapis.com/maps/api/js https://pi.pardot.com/analytics https://wec-assets.terminus.services/c5a1ac0f-5619-41ea-b104-3c89d7d61c2e/t.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.acsbapp.com https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self'; img-src 'self' http://www.w3.org/ http://purl.org/ https://cdn.acsbapp.com https://wec-assets.terminus.services https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; report-uri https://647739cd974ac544f93abb19.endpoint.csper.io/?v=0; worker-src 'none'; 1 img-src https://higherlogicdownload.s3.amazonaws.com/NASN/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://higherlogicdownload.s3.amazonaws.com/NASN/ https://higherlogiclongterm.s3.amazonaws.com/NASN/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NASN/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://higherlogicdownload.s3.amazonaws.com/NASN/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://higherlogicstream.s3.amazonaws.com/NASN/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NASN/ https://higherlogicdownload.s3.amazonaws.com/NASN/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASN/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 default-src 'self' https: data: 1 object-src 'none';base-uri 'self';script-src 'nonce-gUPCGj3rBo_Jpvz6HB5fwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klevu.com *.ksearchnet.com *.bootstrapcdn.com 'unsafe-inline' data: *.gstatic.com *.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.shorepowerinc.com *.paypal.com *.google.com www.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com maps.gstatic.com blob: *.gstatic.com *.resellerratings.com https://sep.yimg.com *.kayako.com https://notify.bugsnag.com https://files.batteryjunction.com https://www.google.com https://googleads.g.doubleclick.net *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.klevu.com *.twitter.com *.fontawesome.com *.google.com *.googleapis.com *.google-analytics.com https://api.resellerratings.com https://batteryjunction.kayakocdn.com https://assets.kayako.com https://d2wy8f7a9ursnm.cloudfront.net https://googleads.g.doubleclick.net www.gstatic.com cdn.ampproject.org connect.facebook.net *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.cloudflare.com https://files.batteryjunction.com www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.goog-analytics.com https://api.resellerratings.com https://batteryjunction.kayako.com wss://kre.kayako.net https://apps.kayako.net https://stats.g.doubleclick.net cdn.ampproject.org www.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shorepowerinc.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.elecrow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://store.plumrocket.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.elecrow.com *.shopify.com github.com *.githubusercontent.com *.wp.com *.imgur.com bitronics.store www.longan-labs.cc data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google-analytics.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.facebook.net *.pinterest.com *.instagram.com *.dwin1.com *.livechatinc.com *.elecrow.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com *.google-analytics.com *.elecrow.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-CAuwdj3o4hx8FaGtYwD7sA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.datacenterhub.org wss://vncproxy.datacenterhub.org wss://datacenterhub.org https://datacenterhub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://www.purdue.edu; default-src 'self' https://*.datacenterhub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://at.alicdn.com/t/; form-action 'self'; frame-ancestors 'self' https://ag.purdue.edu; frame-src 'self' https://*.datacenterhub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com; img-src * data: image:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com; worker-src blob:; media-src 'self' data:; report-uri https://csp.hubzero.org/csp-cms.php 1 object-src 'none';base-uri 'self';script-src 'nonce-hQNZiqWI679p_Fw3usqY_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Xq8GDljqKSUE57kzU6KttQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-4nEdWoGCNw5q8_GnPXGngw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-h_NsKS-P4H6XbqupsPISfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://storyboard.storystream.ai https://content.storystream.ai; form-action 'self' https://www.facebook.com https://m.berghaus.com https://checkout.berghaus.com https://www.berghaus.com https://connect.facebook.net https://tr.snapchat.com; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1 default-src 'self' https: ; worker-src 'self' blob: ; img-src 'self' https://dl.episerver.net/ https://www.googletagmanager.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://cm.g.doubleclick.net/ https://ad.doubleclick.net/ https://adservice.google.com/ https://region1.analytics.google.com/ https://w.usabilla.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.ca/ads/ga-audiences https://www.google.co.il/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://www.google.com.gh/ads/ga-audiences https://www.google.com.gi/ads/ga-audiences https://www.google.com.hk/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.google.com.pk/ads/ga-audiences https://www.google.com/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.je/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google-analytics.com https://www.google.com/ https://www.google.co.uk/ https://cdn.cookielaw.org/ ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.googleoptimize.com/ https://www.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.responsetap.com/ https://dl.episerver.net/ https://cdn.cookielaw.org/ https://script.infinity-tracking.com https://widget.trustpilot.com/ https://api.usabilla.com/ https://app.optimizely.com/ https://cdn.gbqofs.com/mt/nfumutual/ https://cdn3.optimizely.com/ https://cdn.optimizely.com/ https://www.pagespeed-mod.com/ https://az416426.vo.msecnd.net/ https://unpkg.com/web-vitals/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://dl.episerver.net/ ; font-src 'self' https://fonts.gstatic.com/ ; 1 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: *.gstatic.com 'self' data: www.dufrio.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.dufrio.com.br 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.dufrio.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.mercadopago.com *.mercadolibre.com www.dufrio.com.br *.voxus.tv *.btg360.com.br *.criteo.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://cdn.mundipagg.com https://api.pagar.me www.xtento.com cdn.xtento.com *.ebit.com.br *.ebitempresa.com.br *.mercadopago.com *.mlstatic.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.caravelx.com 'self' data: www.dufrio.com.br *.dufrio.com.br s3.amazonaws.com newimgebit-a.akamaihd.net *.bing.com *.google.com.br *.adnxs.com *.mercadopago.com.br *.btg360.com.br *.criteo.com *.mediavine.com *.bluekai.com *.adgrx.com *.casalemedia.com *.yahoo.com *.3lift.com *.teads.tv *.taboola.com *.smartadserver.com *.sharethrough.com *.rubiconproject.com *.media.net *.doubleclick.net *.bidswitch.net *.emxdgt.com *.yieldmo.com *.clmbtech.com *.socdm.com *.omnitagjs.com *.stickyadstv.com *.360yield.com *.ivitrack.com *.liadm.com *.outbrain.com *.pubmatic.com *.revcontent.com *.tremorhub.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com www.xtento.com cdn.xtento.com *.ebit.com.br *.mercadopago.com tagmanager.google.com *.mlstatic.com connect.facebook.net js.huggy.chat *.avada.io www.dufrio.com.br s3.amazonaws.com *.voxus.com.br *.bing.com *.btg360.com.br *.adcart.com.br *.dwin1.com *.afilio.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.ebit.com.br *.mercadopago.com tagmanager.google.com fonts.google.com webfonts.huggy.cloud *.gstatic.com www.dufrio.com.br s3.amazonaws.com 'self' 'unsafe-inline'; object-src www.dufrio.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.dufrio.com.br 'self' 'unsafe-inline'; manifest-src www.dufrio.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com https://api.mundipagg.com https://api.pagar.me https://hits-banner-cloud-function.azurewebsites.net *.mercadopago.com maps.googleapis.com *.analytics.google.com *.googletagmanager.com *.mercadolibre.com wss://ct-socket.huggy.app widget.huggy.io viacep.com.br https://get.geojs.io *.avada.io t.elasticsuite.io www.dufrio.com.br *.reclameaqui.com.br *.voxus.tv *.voxus.com.br *.loggly.com *.ipify.org 'self' 'unsafe-inline'; child-src www.dufrio.com.br http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.dufrio.com.br *.google.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.dufrio.com.br 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; img-src 'self' data: https://ik.imagekit.io https://www.google-analytics.com https://img.youtube.com https://*.ytimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' data:; frame-src 'self' https://www.google.com https://www.youtube.com; frame-ancestors 'self' 1 default-src 'self'; img-src 'self' https: data: blob: https://*.google-analytics.com/ https://*.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.google.com; script-src 'self' rs.fullstory.com/ edge.fullstory.com/ dkx0n05ol7t5q.cloudfront.net/ snap.licdn.com/ www.figma.com/ accounts.google.com/ www.googleadservices.com/ https://*.googletagmanager.com/ www.gstatic.com/ www.google.com/ apis.google.com/ js.stripe.com/ cdn.headwayapp.co/ fast.wistia.com/ cdn.segment.com/ widget.intercom.io/ js.intercomcdn.com/ connect.facebook.net/ https://track.usabilityhub.com/app.js 'nonce-LCD7A9EXXNsjmynn/nA2Hw=='; connect-src 'self' wss://nexus-websocket-a.intercom.io/ https://*.google-analytics.com/ https://analytics.google.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ stats.g.doubleclick.net/ *.s3.amazonaws.com/ o26819.ingest.sentry.io/ cdn.segment.com/ api.segment.io/ api-iam.intercom.io/ rs.fullstory.com/ edge.fullstory.com/ *.wistia.com/ api.storyblok.com/ js.stripe.com/ https://track.usabilityhub.com/ capture-api.ap3prod.com/ capture-api.au.autopilotapp.com/; font-src 'self' https: data:; frame-src 'self' headway-widget.net/ js.stripe.com/ www.google.com/ accounts.google.com/ www.figma.com/ www.youtube.com/; manifest-src 'self' https: dkx0n05ol7t5q.cloudfront.net/; base-uri 'self'; object-src 'self'; media-src 'self' blob: https://lyssna-prod-recordings.s3.amazonaws.com/; style-src 'self' 'unsafe-inline' dkx0n05ol7t5q.cloudfront.net/ accounts.google.com/ fonts.googleapis.com/ *.ortto.app/; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubab97daa89e37cd81c4a19bad4d1ad558&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production&service=app 1 default-src 'self' 'unsafe-inline' https://*.google-analytics.com; img-src https://*; 1 object-src 'none';base-uri 'self';script-src 'nonce-Adw9cs_wfxwHAmVtT_yz5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' ;img-src 'self' https://media.graphassets.com https://*.quora.com https://px.ads.linkedin.com https://t.co/1/i/adsct https://analytics.twitter.com https://*.ads.linkedin.com https://*.google-analytics.com https://www.linkedin.com https://*.clarity.ms https://c.bing.com https://googletagmanager.com ;script-src 'self' js.intercomcdn.com widget.intercom.io https://*.quora.com https://cdn.segment.com 'nonce-69004158acf79e7764d249fd52a1ebac' 'strict-dynamic';connect-src 'self' https://api-iam.intercom.io 'nonce-69004158acf79e7764d249fd52a1ebac' https://*.clarity.ms https://*.google-analytics.com https://*.algolia.net https://cdn.linkedin.oribi.io https://api.segment.io https://cdn.segment.com wss://*.intercom.io https://api-js.mixpanel.com https://*.sentry.io https://api.attio.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css2 ;frame-src 'self' https://player.vimeo.com https://www.google.com;base-uri 'none';object-src 'none' ;font-src 'self' https://fonts.gstatic.com 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.clarity.ms maxcdn.bootstrapcdn.com static.gollog.com.br *.voegol.com.br rs.fullstory.com cdn.inbenta.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss:; report-uri https://7ee2a4f517b54c13812e54076aefcb7d.myssl-uri.com/api/csp-report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: www.dewitschijndel.nl data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.dewitschijndel.nl 'self' 'unsafe-inline'; frame-ancestors www.dewitschijndel.nl 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com cdn.dnky.co *.hotjar.com *.trustpilot.com *.criteo.com *.addthis.com www.xtento.com tpc.googlesyndication.com www.dewitschijndel.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.buckaroo.nl *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net https://images.unsplash.com www.xtento.com cdn.xtento.com www.google.it bat.bing.com c.clarity.ms www.google.be ad.doubleclick.net www.google.rs www.google.lv www.google.ie www.facebook.com pagead2.googlesyndication.com www.dewitschijndel.nl c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.paypal.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net https://cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com www.xtento.com cdn.xtento.com bat.bing.com dewitschijndel.nl selfservice.robinhq.com az416426.vo.msecnd.net robincontentdesktop.blob.core.windows.net tpc.googlesyndication.com connect.facebook.net www.dewitschijndel.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com https://cdn.jsdelivr.net www.dewitschijndel.nl 'self' 'unsafe-inline'; object-src www.dewitschijndel.nl 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.dewitschijndel.nl 'self' 'unsafe-inline'; manifest-src www.dewitschijndel.nl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com *.facebook.net *.google.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com https://profiles-staging.2factors.nl ekr.zdassets.com/ bat.bing.com www.google.it dewitschijndel.nl dc.services.visualstudio.com www.google.nl ad.doubleclick.net www.google.be maps.googleapis.com www.google.rs www.dewitschijndel.nl 'self' 'unsafe-inline'; child-src www.dewitschijndel.nl http: https: blob: 'self' 'unsafe-inline'; default-src www.dewitschijndel.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.dewitschijndel.nl 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1 font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net https://fonts.gstatic.com; data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com *.google.com; 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ http://maps.gstatic.com/ *.meetanshi.com https://meetanshi.com/media/logo.png *.nextopia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.facebook.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://maps.googleapis.com/ *.meetanshi.com cdn.nextopia.net *.ecomm-nav.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.searchspring.net/intellisuggest/is.min.js *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.nextopia.net unsafe-inline tagmanager.google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://fonts.googleapis.com; 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://maps.googleapis.com/ http://maps.gstatic.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.meetanshi.com *.nextopia.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://beacon.searchspring.io/beacon *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src userlike-cdn-umm.b-cdn.net *.gstatic.com data: *.cloudfront.net *.mey.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src ct.pinterest.com www.awin1.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de ad.ad-srv.net *.adsrvr.org *.fls.doubleclick.net www.facebook.com opt.kuponacdn.de gum.criteo.com pixel.mathtag.comm pp.payengine.de pptest.payengine.de checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ 'self' 'unsafe-inline'; img-src www.etracker.de id5-sync.com s.thebrighttag.com beacon.krxd.net *.google.de *.google.com ads.creative-serving.com *.uimserv.net *.adnxs.com ups.analytics.yahoo.com visitor.omnitagjs.com *.ad.smaato.net matching.ivitrack.com exchange.mediavine.com *.taboola.com *.stickyadstv.com criteo-sync.teads.tv cm.adform.net sync-criteo.ads.yieldmo.com ad.sxp.smartclip.net *.emxdgt.com criteo-partners.tremorhub.com sync.outbrain.com *.3lift.com *.smartadserver.com ads.yahoo.com *.casalemedia.com *.bidswitch.net *.twiago.com contextual.media.net match.sharethrough.com *.pubmatic.com cdn.stickyadstv.com *.adscale.de ad.360yield.com sp.analytics.yahoo.com ad.yieldlab.net cotads.adscale.de *.criteo.com *.liadm.com pixel.rubiconproject.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.awin1.com *.bing.com *.cloudfront.net stats.g.doubleclick.net *.doubleclick.net *.g.doubleclick.net www.facebook.com www.google.com www.google.de www.googletagmanager.com *.usercentrics.eu *.adfarm1.adition.com *.adition.com *.pinterest.com pixel.mathtag.com *.adnxs.com checkoutshopper-test.adyen.com/ checkoutshopper.adyen.com/ *.mey.com *.clarity.ms 'self' data: data: 'self' 'unsafe-inline'; script-src userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com cdn.polyfill.io www.googleoptimize.com browser.sentry-cdn.com *.etracker.de *.etracker.com *.google.de *.google.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.googletagmanager.com *.adyen.com *.googleapis.com www.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de jquery.sellxed.com *.adform.net *.amazon.com js.adsrvr.org www.awin1.com bat.bing.com *.dt51.net *.cloudfront.net googleads.g.doubleclick.net www.dwin1.com connect.facebook.net www.google.com *.google-analytics.com www.gstatic.com mastertag.kpcustomer.de opt.kuponacdn.de bam.nr-data.net bam.eu01.nr-data.net js-agent.newrelic.com static.shopgate.com the.sciencebehindecommerce.com tagmanager.google.com *.usercentrics.eu *.kuponacdn.de app.theadx.com browser-update.org pixel.mathtag.com pptest.payengine.de *.adnxs.com static.criteo.net s.pinimg.com sslwidget.criteo.com *.clarity.ms *.mey.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.usercentrics.eu *.cloudfront.net *.mey.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src maps.googleapis.com userlike-cdn-umm.b-cdn.net api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com sentry.mey.netz98.org eu-api.friendlycaptcha.eu www.etracker.de www.facebook.com www.clarity.ms dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de stats.g.doubleclick.net mey.dvinci-hr.com bam.eu01.nr-data.net the.sciencebehindecommerce.com *.usercentrics.eu aggregator.service.usercentrics.eu bat.bing.com *.pinterest.com *.google-analytics.com *.maps.googleapis.com *.mey.com *.cloudfront.net *.clarity.ms 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src data: 'unsafe-inline' 'unsafe-eval' https: blob: http://*.files.wordpress.com wss://bgr.com; report-uri https://pmcuri.report-uri.com/r/d/csp/reportOnly 1 default-src https: 'unsafe-inline' 'unsafe-eval'; report-to https://www.u-canshop.jp/cspReport/cspReport.jsp; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-31c1a3cd3b0d44c1be73c5e2027cf08d' https://www.mypremisehealth.com 'self';img-src https://* 'self' blob: data:;style-src https://www.mypremisehealth.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-E2Ys9Mq+VJyeIra6fh7n8w=='; report-uri https://send.hsbrowserreports.com/csp/report; 1 default-src 'self' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-+2AiOq3lwahaYjl8UCqFeg==' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://consent.bumble.com http://www.google-analytics.com; child-src 'self'; font-src 'self' data:; manifest-src 'self'; base-uri 'self'; frame-src 'self' https://snap.licdn.com/ https://www.youtube.com/ *.youtube.com http://www.google-analytics.com https://consent.bumble.com; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=bumble_team_site&env=production; 1 default-src 'self'; font-src 'self'; img-src 'self'; script-src self https://www.google.com https://www.gstatic.com; style-src 'self';frame-src self https://www.google.com https://www.gstatic.com;frame-ancestors 'self' 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com bat.bing.com www.google.ca *.gstatic.com www.youtube.com vitals.vercel-analytics.com www.googletagmanager.com content.hotjar.io pi.pardot.com 8svnw30sib.algolia.net analytics.google.com images.ctfassets.net tags.srv.stackadapt.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: code.jquery.com *.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com *.google.com www.google.cz; block-all-mixed-content; report-uri https://www.mudrc.net/report.php?csp 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; media-src 'self' https://stream.klgd.ru rtmp://stream.klgd.ru https://wowza.klgd.ru https://cctv.klgd.ru 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: wss: *.callbackhunter.com; 1 default-src 'none'; base-uri 'self'; form-action 'self' https://bam.nr-data.net; frame-ancestors 'none'; frame-src 'self' https://*.gcs-web.com https://www.google.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.doubleclick.net https://nationalvision.gcs-web.com; connect-src 'self' https://code.jquery.com https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://*.doubleclick.net https://www.googletagmanager.com https://extreme-ip-lookup.com https://*.extreme-ip-lookup.com https://ipmeta.io https://*.ipmeta.io https://bam.nr-data.net https://bucketeer-db2073e4-ac1a-4046-97bf-04dce765dca1.s3.amazonaws.com/public/ https://jobpal-sm.s3.amazonaws.com https://612dedf14e35cd00d7d60304.config.smooch.io https://api.smooch.io wss://api.smooch.io https://cdn.cookielaw.org/ https://cdn.linkedin.oribi.io; script-src 'self' https://code.jquery.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://www.youtube.com http://www.youtube.com https://*.ytimg.com https://www.googleadservices.com https://www.google.com https://*.doubleclick.net 'unsafe-eval' https://tagmanager.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://jobpal-sm.s3.amazonaws.com https://api.smooch.io https://cdn.cookielaw.org/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://snap.licdn.com/ https://www.googleoptimize.com/ https://click.appcast.io/; style-src 'self' https://*.typekit.net https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' https://jobpal-sm.s3.amazonaws.com https://cdnjs.cloudflare.com/; font-src 'self' https://*.typekit.net https://fonts.gstatic.com https://fonts.gstatic.com data: https://jobpal-sm.s3.amazonaws.com 'nonce-9e9a709e6e2942ac9a766e5db5e9ba89'; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://ssl.gstatic.com https://*.doubleclick.net https://www.google.com https://*.googleusercontent.com https://ssl.gstatic.com https://bucketeer-db2073e4-ac1a-4046-97bf-04dce765dca1.s3.amazonaws.com/public/ https://media.smooch.io https://i.americasbest.com https://cdn.cookielaw.org/ https://click.appcast.io/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://px4.ads.linkedin.com; manifest-src 'self'; media-src 'self' https://jobpal-sm.s3.amazonaws.com; report-uri https://aclens.report-uri.com/r/d/csp/reportOnly 1 worker-src blob:; font-src https://fonts.gstatic.com *.yotpo.com *.klevu.com *.klarnacdn.net *.gorgias.chat *.googleapis.com *.ksearchnet.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com www.sportrx.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; frame-ancestors googleadservices.com *.criteo.net *.criteo.com *.gorgias.chat *.twitter.com *.yotpo.com *.youtube.com www.sportrx.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.criteo.com *.google.com *.doubleclick.net *.facebook.com *.braintreegateway.com *.kaptcha.com *.klarna.com *.criteo.net *.usablenet.com *.gorgias.chat *.yotpo.com www.sportrx.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.klevu.com *.bing.com *.visualwebsiteoptimizer.com *.pushcrew.com *.klaviyo.com a.klaviyo.com *.facebook.com *.pinterest.com *.dialogtech.com *.cloudfront.net *.google.com *.stickyadstv.com *.teads.tv *.outbrain.com *.postrelease.com *.advertising.com *.tremorhub.com *.criteo.com *.yieldmo.com sync-criteo.ads.yieldmo.com *.bluekai.com *.yahoo.com *.demdex.net *.addthis.com *.gorgias.chat *.paypalobjects.com *.googleadservices.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://a.klaviyo.com *.ksearchnet.com www.sportrx.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.klevu.com *.google.com *.yotpo.com *.googletagmanager.com *.cloudflare.com *.gstatic.com *.klaviyo.com *.zdassets.com *.zendesk.com *.zopim.com *.twitter.com *.newrelic.com *.nr-data.net *.criteo.com *.doubleclick.net *.bing.com *.criteo.net *.klarnaservices.com *.visualwebsiteoptimizer.com *.pushcrew.com *.facebook.net *.cloudfront.net *.pinimg.com *.avmws.com *.noibu.com *.dialogtech.com *.klarnacdn.net *.addthis.com *.pii.ai *.gorgias.chat *.clarity.ms *.braintreegateway.com *.googleapis.com *.cdn-cookieyes.com *.cookieyes.com acsbapp.com *.acsbapp.com *.klarna.com *.glasseson.com https://static.klaviyo.com https://fast.a.klaviyo.com *.ksearchnet.com www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.klevu.com *.klarnacdn.net *.pushcrew.com *.cloudfront.net fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.ksearchnet.com www.sportrx.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zdassets.com *.cloudfront.net *.gorgias.chat *.glasseson.com www.sportrx.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com *.google-analytics.com *.klaviyo.com a.klaviyo.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.nr-data.net *.doubleclick.net *.klarnaservices.com *.klarnauserservices.com *.luckyorange.net *.pinterest.com *.visitors.live wss://visitors.live wss://in.visitors.live *.noibu.com *.dialogtech.com *.braintreegateway.com wss://input.noibu.com *.klarnaevt.com *.clarity.ms *.gorgias.chat wss://us-east1-898b.gorgias.chat *.segment.io *.googleapis.com *.cdn-cookieyes.com *.cookieyes.com acsbapp.com *.acsbapp.com *.glasseson.com *.mixpanel.com *.cloudfront.net https://static.klaviyo.com https://fast.a.klaviyo.com *.klarnacdn.net *.klarna.com *.klevu.com *.ksearchnet.com www.sportrx.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.sportrx.com http: https: blob: 'self' 'unsafe-inline'; default-src *.yotpo.com *.klaviyo.com *.klevu.com *.twitter.com *.criteo.net *.glasseson.com *.cloudfront.net www.sportrx.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-XbTF7Z9x7l-oXun3dFktPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self'; connect-src 'self' *.hotjar.com analytics.tiktok.com *.hotjar.io wss://*.hotjar.com https://in.hotjar.com/ https://vc.hotjar.io https://www.facebook.com/tr/ https://www.facebook.com https://recursos.dinersclub.com.ec https://www.google-analytics.com https://stats.g.doubleclick.net; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://optimize.google.com vars.hotjar.com https://www.facebook.com/tr/ https://vars.hotjar.com https://stags.bluekai.com https://www.youtube.com; img-src * 'self' data: https: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com *.linkedin.com www.googletagmanager.com *.oracleinfinity.io dc.oracleinfinity.io www.google.es www.google.com www.facebook.com stags.bluekai.com www.google-analytics.com; manifest-src 'self'; media-src * 'self' 'unsafe-eval' 'unsafe-inline' https://dce-documents.s3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.ads.linkedin.com platform.linkedin.com *.licdn.com www.google-analytics.com https://static.hotjar.com https://script.hotjar.com snap.licdn.com d.oracleinfinity.io acdn.adnxs.com script.hotjar.com *.hotjar.com https://script.hotjar.com static.hotjar.com vars.hotjar.com c.oracleinfinity.io connect.facebook.net recursos.dinersclub.com.ec tags.bkrtx.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com cdn.jsdelivr.net tagmanager.google.com; 1 default-src https: 'unsafe-inline' 'unsafe-eval' ; img-src https: data: http://geo.nls.uk ; font-src https: data: ; report-uri https://csp.rcahms.gov.uk/canmore-live ; 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.narvar.com *.narvar.qa *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com landofcoder.com *.buywithprime.amazon.com *.pinterest.com *.livechatinc.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa store.paradoxlabs.com getrockerbox.com *.googletagmanager.com *.google.com *.virtuelabs.com *.virtueflourish.com *.virtueprofessional.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net landofcoder.com *.buywithprime.amazon.com getrockerbox.com *.googletagmanager.com *.google.com *.livechatinc.com *.evgnet.com *.tiktok.com *.bing.com *.facebook.net *.upsellit.com *.cdn-apple.com *.virtuelabs.com *.virtueflourish.com *.virtueprofessional.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com static.afterpay.com/ *.squarecdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net landofcoder.com *.google-analytics.com *.doubleclick.net *.tiktok.net *.google.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self'; style-src 'self'; font-src * 1 object-src 'none';base-uri 'self';script-src 'nonce-OIMNLMhvz5aKkhMfG-JMFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; img-src 'self' https://s1749.t.eloqua.com data: 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://img.en25.com/i/elqCfg.min.js https://img.en25.com/i/elqCfg.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; 1 default-src 'self' https://*.sentry-cdn.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'nonce-b93361d5-6593-4f3a-9ef51dfe546dafcf' 'unsafe-inline' 'strict-dynamic' false; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://*.hotjar.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; img-src 'self' data: https: blob:; connect-src 'self' https://*.ingest.sentry.io https://*.googleapis.com https://*.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.googletagmanager.com false *.google-analytics.com *.analytics.google.com www.facebook.com https://www.google.de/ads https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'nonce-b93361d5-6593-4f3a-9ef51dfe546dafcf'; worker-src 'self' blob:; frame-ancestors 'self' https://*.cookiebot.com; form-action 'self' *.facebook.com https://*.cookiebot.com; frame-src 'self' https://*.trustpilot.com https://*.cookiebot.com *.facebook.com; report-uri https://o153269.ingest.sentry.io/api/5947271/security/?sentry_key=e053727f27894f56ab910e7f94e49808; base-uri 'none'; object-src 'none' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.cloudfront.net github.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-OBOpor4hN5fQWL-70N090Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri https://www.yelp.com/csp_report_only?id=44859eeb2d6fba8c&page=csp_report_frame_directives%2Cfull_site_ssl_csp_report_directives&policy_hash=41d0c45536d2a082f11d1cd0e00fde7f&site=www×tamp=1711589147; frame-ancestors 'self' https://*.yelp.com; default-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' data:; font-src data: https:; child-src https: yelp-webview://* yelp://* data:; object-src 'none'; worker-src blob: https:; base-uri 'self'; form-action https: 1 default-src 'self' https://*.trinitywallstreet.org; connect-src 'self' https://translate.googleapis.com https://bam.nr-data.net https://*.kaltura.com https://analytics.google.com https://stats.g.doubleclick.net; font-src * data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://translate.google.com https://translate.googleapis.com addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.newrelic.com https://*.kaltura.com https://*.addevent.com/ https://www.googletagmanager.com addevent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cloud.typography.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://live-tcws-new.pantheonsite.io https://*.googleapis.com/ cloud.typography.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; frame-ancestors 'self'; report-uri https://trinitywallstreet.org/report-uri/reportOnly 1 font-src bonafont.com.mx *.fontawesome.com fonts.gstatic.com *.criteo.net *.criteo.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com facebook.com *.facebook.net *.germany-2.evergage.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ us.creativecdn.com api.retargetly.com resources-rt.idx.lat facebook.com *.facebook.net static.criteo.net cdn.evergage.com *.germany-2.evergage.com cdn.evgnet.com danonesa.germany-2.evergage.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com c.sharethis.mgr.consensu.org *.sharethis.com *.lpsnmedia.net *.hotjar.com *.criteo.com danonebonafont.api.useinsider.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io bonafont.com.mx blob: i.liadm.com *.liadm.com x.bidswitch.net cm.g.doubleclick.net ib.adnxs.com r.casalemedia.com ad.360yield.com contextual.media.net sync.outbrain.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com e1.emxdgt.com tg.socdm.com visitor.omnitagjs.com matching.ivitrack.com exchange.mediavine.com c.bing.com simage2.pubmatic.com trends.revcontent.com s.ad.smaato.net criteo-partners.tremorhub.com ade.clmbtech.com sync-criteo.ads.yieldmo.com tags.bluekai.com e.dlx.addthis.com *.stickyadstv.com cdn.evergage.com google.com.br www.google.com.br idsync.rlcdn.com l.sharethis.com cure.adnxs.com cm.adgrx.com script.hotjar.com bam.nr-data.net secure.adnxs.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.germany-2.evergage.com cdn.evgnet.com danonesa.germany-2.evergage.com *.facebook.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com platform-cdn.sharethis.com maps.gstatic.com cdn2.hubspot.net *.facebook.com *.igodigital.com *.google.com.mx *.criteo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ bonafont.com.mx cdn.gbqofs.com *.newrelic.com js-agent.newrelic.com bam.nr-data.net io.narrative.io idsync.rlcdn.com emv3dsauth1.secureacs.com cdn.jsdelivr.net google.com.br facebook.com analytics.google.com *.googletagmanager.com cdn.evergage.com *.germany-2.evergage.com cdn.evgnet.com danonesa.germany-2.evergage.com *.facebook.net eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sharethis.com *.liveperson.net *.lpsnmedia.net *.googleapis.com *.igodigital.com *.hotjar.com danonebonafont.api.useinsider.com *.criteo.net *.criteo.com api.retargetly.com resources-rt.idx.lat 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com bonafont.com.mx cdn.jsdelivr.net cdn.evergage.com *.germany-2.evergage.com cdn.evgnet.com danonesa.germany-2.evergage.com *.facebook.net *.fontawesome.com unsafe-inline fonts.googleapis.com *.criteo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com bonafont.com.mx blob: idsync.rlcdn.com danonesa.germany-2.evergage.com *.germany-2.evergage.com *.facebook.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com bonafont.com.mx danonesa.germany-2.evergage.com rt.idx.lat report.danone.gbqofs.io io.narrative.io idsync.rlcdn.com emv3dsauth1.secureacs.com bam.nr-data.net google.com.br facebook.com *.facebook.net l.sharethis.com content.hotjar.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.germany-2.evergage.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com www.googleapis.com *.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com *.criteo.com hit.api.useinsider.com surveystats.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.dotdigital-pages.com *.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com connect.facebook.net graph.facebook.com business.facebook.com www.feedoptimise.com cdn.feedoptimise.com *.klarna.com *.klarnaservices.com landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.fact-finder.de *.fact-finder.com *.fact-finder.co.uk *.fact-finder.fr *.fact-finder.pl *.fact-finder.it *.fact-finder.at *.fact-finder.ch *.fact-finder.cloud *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnaservices.com landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ipv4check.ec-elements.com ipv6check.ec-elements.com data: 'unsafe-eval'; report-uri /csp-violation-report-endpoint/ 1 object-src 'none';base-uri 'self';script-src 'nonce-xxPSnevepPC_NfHKBI_ABw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-nlvh-TIpEojH0fFfsK8jSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-E3oWILGfZcViTO4wtEn9Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; report-uri https://www.nt-ware.com/contentsecuritypolicyreport/index.php; 1 font-src *.zip.co *.iyzipay.com *.zipmoney.com.au *.gstatic.com *.cloudfront.net *.checkout.com data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.cloudfront.net *.salecycle.com *.adyen.com *.boldchat.com *.tradedoubler.com *.google.com *.euw2.pure.cloud *.demdex.net *.brightcove.net 'self' 'unsafe-inline';img-src *.google.co.in *.googletagmanager.com *.dyson.com.sg *.zipmoney.com.au *.facebook.com *.doubleclick.net *.mktgcdn.com *.swarovski.com *.dyson.vn *.zip.co *.adyen.com *.demdex.net *.everesttech.net *.dyson.co.uk *.gstatic.com *.omtrdc.net *.euw2.pure.cloud *.afterpay.com *.assetsadobe2.com *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.bazaarvoice.com *.dyson.sk *.dyson.com.tr data: 'self' 'unsafe-inline';script-src *.googletagmanager.com *.facebook.net *.queue-it.net *.tradedoubler.com *.salecycle.com https://mt.adobe.launch.script.test.js/ *.zencdn.net *.optimalpeople.fr *.dynatrace.com *.zipmoney.com.au *.zip.co *.google.com *.afterpay.com *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.go-mpulse.net *.cookielaw.org *.brightcove.net *.nanorep.co *.jsdelivr.net *.amazonaws.com *.riskified.com blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.zip.co *.googleapis.com *.optimizely.com *.amazonaws.com *.checkout.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.brightcove.net *.dyson.com *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.google.com *.dynatrace.com *.optimalpeople.fr *.akstat.io *.salecycle.com *.doubleclick.net *.google-analytics.com *.zipmoney.com.au *.zip.co *.adyen.com *.cloudfront.net *.nr-data.net *.amazonaws.com *.newrelic.com wss://webmessaging.euw2.pure.cloud *.bazaarvoice.com *.omtrdc.net *.cookielaw.org *.go-mpulse.net *.boldchat.com *.dyson.sk *.nanorep.co *.nanorep.com wss://websocket.bold360.com *.demdex.net *.riskified.com *.edq.com 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1 default-src 'none' ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ *.googleapis.com/ https://www.google-analytics.com/ https://cookie-cdn.cookiepro.com ; style-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com/ ; img-src 'self' data: https://maps.gstatic.com/ *.cdninstagram.com/ https://cookie-cdn.cookiepro.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://maps.googleapis.com/ ; font-src 'self' data: https://fonts.gstatic.com/ ; connect-src 'self' https://maps.googleapis.com/ https://stats.g.doubleclick.net/ region1.google-analytics.com/ https://cookie-cdn.cookiepro.com/ https://www.google-analytics.com/ ; media-src 'self' ; form-action 'self' https://www.facebook.com/tr/ ; frame-src 'self' https://www.google.com/ ; report-to csp-endpoint 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fittinglabs-development.firebaseapp.com https://fittinglabs-staging.firebaseapp.com https://fittinglabs-production.firebaseapp.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.youtube.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://shop-demo.fittinglabs.it https://shop-dev.fittinglabs.it https://magento.test www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.facebook.com bam.nr-data.net epictv.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://apis.google.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com connect.facebook.net api.videoly.co js-agent.newrelic.com bam.nr-data.net dapi.videoly.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://api.fittinglabs.it https://api-demo.fittinglabs.it https://api-dev.fittinglabs.it https://identitytoolkit.googleapis.com https://securetoken.googleapis.com http://127.0.0.1:5000 http://localhost:5000 *.lottiefiles.com *.eu-central-1.linodeobjects.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eu-central-1.linodeobjects.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: wss://waf.intelix.pl wroclaw.intelix.pl:63981 waf.intelix.pl wss://wroclaw.intelix.pl:63981 static.site24x7rum.com www.google.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-inline' https://kiwirail.co.nz/* https://www.googletagmanager.com/ www.kiwirail.co.nz/* http://www.w3.org/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.facebook.com https://www.youtube.com/ https://connect.facebook.net/;img-src 'self' 'unsafe-inline' data: http://www.w3.org/ https://www.facebook.com/ https://www.google-analytics.com/;report-uri https://www.kiwirail.co.nz/csp/v1/report; 1 default-src 'self' data: 'unsafe-inline' https://www.google.com https://www.gstatic.com https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://browser-update.org https://cdn.jsdelivr.net https://fonts.googleapis.com https://widget.freshworks.com https://chart.googleapis.com; font-src *; form-action 'self'; report-uri /API/csp-report.php 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.google.co.uk static-tracking.klaviyo.com imgs.signifyd.com *.googleapis.com *.facebook.net storage.elfsight.com sogknives.com na.klarnaevt.com cdn11.bigcommerce.com fast.a.klaviyo.com static-forms.klaviyo.com analytics.google.com cdn.acsbapp.com api.userway.org core.service.elfsight.com *.bazaarvoice.com cdn.userway.org *.cloudfront.net region1.analytics.google.com cdn.avmws.com ad.ipredictive.com tasks.gsmoutdoors.com phosphor.utils.elfsightcdn.com cdn77.api.userway.org *.doubleclick.net www.google.co.il media-cdn.ipredictive.com bat.bing.com use.typekit.net images.ctfassets.net cdnjs.cloudflare.com www.googleoptimize.com *.facebook.com widget.gleamjs.io www.google-analytics.com x.klarnacdn.net *.amazon-adsystem.com *.gstatic.com *.online-metrix.net bes.gcp.data.bigcommerce.com www.google.ca www.instagram.com a.klaviyo.com www.google.com.au p.typekit.net apps.elfsight.com cdn.honey.io cdn-scripts.signifyd.com static.klaviyo.com js.klarna.com static.elfsight.com api.instagram.com www.gsmoutdoors.com cdn.contentful.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-D1SQreGLCfv2lGjoCp1EBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-GkTNVo90k45sv42vjvgasw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://fonts.googleapis.com; script-src 'self'; style-src 'self'; img-src 'self'; font-src * 1 object-src 'none';base-uri 'self';script-src 'nonce-MfYTIXh4vR7G8ZvH3pYZFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.custhelp.com www.googletagmanager.com *.doubleclick.net *.facebook.net code.jquery.com www.rnengage.com farm66.staticflickr.com tickers.mystocks.co.ke youtube.com www.google.com live.mystocks.co.ke *.gstatic.com www.google.co.ke analytics.google.com cdnjs.cloudflare.com *.facebook.com img04.en25.com region1.analytics.google.com *.googleadservices.com *.eloqua.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.bootstrapcdn.com *.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.twitter.com *.cleverreach.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com js.mollie.com *.weltpixel.com *.twitter.com *.addthis.com *.uptain.de *.hotjar.com *.facebook.com *.cleverreach.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net https://www.mollie.com maps.gstatic.com x.klarnacdn.net *.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.usercentrics.eu *.google.de *.maxcluster.net *.magecomp.com *.ssl-amazon.com *.payments-amazon.com *.wimo.com *.google.com *.google.com.ua *.trbo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com s7.addthis.com js.mollie.com maps.googleapis.com x.klarnacdn.net/ https://www.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com widgets.pinterest.com *.usercentrics.eu app.uptain.de *.hotjar.com *.facebook.com *.facebook.net *.cloudflareinsights.com *.cleverreach.com *.cleverreach.de *.googleoptimize.com *.trbo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.twitter.com *.typekit.net *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com maps.googleapis.com https://www.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.usercentrics.eu *.uptain.de *.hotjar.com wss://ws15.hotjar.com *.hotjar.io *.google.com *.google.de *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.paynup.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net store.paradoxlabs.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io cdn.ampproject.org raw.githubusercontent.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.paynup.com * *.authorize.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.paynup.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com cdn.ampproject.org www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com https://get.geojs.io *.avada.io * *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://www.tv5unis.ca/csp-report;default-src 'self' *.googlesyndication.com ;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.2mdn.net *.amazon-adsystem.com *.adsafeprotected.com *.doubleclick.net *.facebook.com *.facebook.net *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.crwdcntrl.net *.id5-sync.com *.scorecardresearch.com *.google-analytics.com *.gstatic.com *.hotjar.com *.tagman.ca *.pinimg.com *.tiktok.com *.tv5unis.ca cdn.ampproject.org snap.licdn.com tag.aticdn.net sc-static.net *.uidapi.com *.jsdelivr.net ;style-src 'self' 'unsafe-inline' *.tv5unis.ca fonts.googleapis.com ;img-src 'self' data: *.adsafeprotected.com *.doubleclick.net *.facebook.com *.google.ca *.google.com *.googleusercontent.com *.google-analytics.com *.googlesyndication.com *.scorecardresearch.com *.linkedin.com *.tiktok.com *.tv5unis.ca p.adsymptotic.com bcp.crwdcntrl.net platform-lookaside.fbsbx.com ;media-src 'self' blob: *.2mdn.net *.llnw.net *.uplynk.com *.gvt1.com ;frame-src 'self' *.doubleclick.net *.facebook.com *.firebaseapp.com/ *.google.com *.googlesyndication.com *.googleadservices.com ads.pubmatic.com imasdk.googleapis.com vars.hotjar.com tr.snapchat.com ;font-src 'self' data: fonts.gstatic.com ;connect-src 'self' *.2mdn.net *.adnxs.com *.amazon-adsystem.com *.amazon-adsystem.com *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.ca *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gvt1.com *.linkedin.com *.llnw.net *.tagman.ca *.scorecardresearch.com *.tiktok.com *.tv5unis.ca *.uplynk.com bcp.crwdcntrl.net cdn.ampproject.org cdn.jsdelivr.net licensing.bitmovin.com platform-lookaside.fbsbx.com sc-static.net sentry.io snap.licdn.com static.hotjar.com tag.aticdn.net *.uidapi.com vendorlist.consensu.org https://api.tv5unis.ca ;worker-src 'self' blob: ;form-action 'self' www.facebook.com tr.snapchat.com ; 1 default-src 'self';connect-src 'self' marketing.cockroachlabs.cloud https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://autocomplete.clearbit.com https://status.cockroachlabs.cloud https://marketing.cockroachlabs.cloud 350-qin-827.mktoresp.com https://eligibility.wootric.com https://wootric-eligibility.herokuapp.com https://r3f773swz03t.statuspage.io https://checkout.stripe.com https://api.stripe.com https://fast.appcues.com wss://api.appcues.net https://api.segment.io https://cdn.segment.com https://session-replay.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' marketing.cockroachlabs.cloud https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://*.googletagmanager.com https://r3f773swz03t.statuspage.io cdn.wootric.com munchkin.marketo.net https://checkout.stripe.com https://js.stripe.com cdn.segment.com https://cdn.madkudu.com fast.appcues.com;child-src 'self' marketing.cockroachlabs.cloud blob: https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.cockroachlabs.com https://checkout.stripe.com https://js.stripe.com https://r3f773swz03t.statuspage.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fast.appcues.com;font-src 'self' https://fonts.gstatic.com data:;img-src 'self' data: https://logo.clearbit.com https://*.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;report-uri /csp-reports 1 base-uri 'self'; default-src 'none'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://sentry.io https://stats.g.doubleclick.net https://www.facebook.com; font-src 'self' https://fonts.gstatic.com https://hello.myfonts.net data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com blob: data:; media-src 'none'; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://browser.sentry-cdn.com https://www.youtube.com https://s.ytimg.com https://connect.facebook.net 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://hello.myfonts.net 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/5442953/security/?sentry_key=2d010088d19e4231bfaafcd8c84034a0&sentry_release=&sentry_environment=live; upgrade-insecure-requests 1 img-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1 default-src 'self'; font-src 'self' *.gstatic.com use.fontawesome.com; img-src 'self' data: *.eventdata.co.uk *.eventdata.uk eventdata.uk *.google-analytics.com px.ads.linkedin.com connect.facebook.com connect.facebook.net syndication.twitter.com; script-src-elem 'self' 'unsafe-hashes' 'unsafe-inline' *.eventdata.co.uk *.eventdata.uk eventdata.uk pay.dnapayments.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com app.webreg.me snap.licdn.com connect.facebook.net use.fontawesome.com platform.linkedin.com platform.twitter.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; style-src 'self' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-elem 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com *.eventdata.co.uk *.eventdata.uk eventdata.uk connect.facebook.net; style-src-attr 'unsafe-hashes' 'unsafe-inline'; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net app.gleanin.com connect.facebook.com; frame-src www.booking.com platform.twitter.com pay.dnapayments.com; report-uri https://qtq417pr.uriports.com/reports/report; report-to default 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.omtrdc.net sc.omtrdc.net *.adobedtm.com *.btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com iad-03.braze.com *.cloudfront.net *.doubleclick.net doubleclick.net google.lv *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com azurewebsites.net blob.core.windows.net *.msn.com msn.com *.pendo.io pendo.io ingest.sentry.io data: blob:; img-src 'self' *.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com *.btttag.com btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com braintreegateway.com sandbox.braintreegateway.com iad-03.braze.com cloudflare.com cloudflareinsights.com *.cloudfront.net cloudfront.net g.doubleclick.net *.doubleclick.net doubleclick.net facebook.com facebook.net analytics.google.com google.ae google.am google.at google.az google.ba google.be google.bg google.bs google.by google.ca google.cd google.cg google.ch google.cl google.cm google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ma google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.com google.com.af google.com.ag google.com.ar google.com.au google.com.bd google.com.bh google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.gh google.com.gt google.com.hk google.com.jm google.com.kw google.com.lb google.com.ly google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.vc google.com.vn google.cz google.de google.dm google.dz google.ee google.es google.fi google.fr google.ge google.gm google.gr google.gy google.hn google.hu google.ie google.iq google.it google.je google.jo google.kg google.kz google.lk google.lt google.lu google.lv google.md google.me google.mn google.mu google.nl google.no google.pl google.ps google.pt google.ro google.ru google.rw google.se google.sk google.so google.sr google.tg google.tt googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com google-analytics.com jsdelivr.net azurewebsites.net blob.core.windows.net *.msn.com msn.com cookielaw.org onetrust.com braintree-api.com paypal.com paypalobjects.com sandbox.braintree-api.com sandbox.paypal.com stats.paypal.com *.pendo.io pendo.io ingest.sentry.io srv.stackadapt.com youtube.com ytimg.com data: blob:; font-src 'self' *.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com *.btttag.com btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com braintreegateway.com sandbox.braintreegateway.com iad-03.braze.com cloudflare.com cloudflareinsights.com *.cloudfront.net cloudfront.net g.doubleclick.net *.doubleclick.net doubleclick.net facebook.com facebook.net analytics.google.com google.ae google.am google.at google.az google.ba google.be google.bg google.bs google.by google.ca google.cd google.cg google.ch google.cl google.cm google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ma google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.com google.com.af google.com.ag google.com.ar google.com.au google.com.bd google.com.bh google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.gh google.com.gt google.com.hk google.com.jm google.com.kw google.com.lb google.com.ly google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.vc google.com.vn google.cz google.de google.dm google.dz google.ee google.es google.fi google.fr google.ge google.gm google.gr google.gy google.hn google.hu google.ie google.iq google.it google.je google.jo google.kg google.kz google.lk google.lt google.lu google.lv google.md google.me google.mn google.mu google.nl google.no google.pl google.ps google.pt google.ro google.ru google.rw google.se google.sk google.so google.sr google.tg google.tt googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com google-analytics.com jsdelivr.net azurewebsites.net blob.core.windows.net *.msn.com msn.com cookielaw.org onetrust.com braintree-api.com paypal.com paypalobjects.com sandbox.braintree-api.com sandbox.paypal.com stats.paypal.com *.pendo.io pendo.io ingest.sentry.io srv.stackadapt.com youtube.com ytimg.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com *.btttag.com btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com braintreegateway.com sandbox.braintreegateway.com iad-03.braze.com cloudflare.com cloudflareinsights.com *.cloudfront.net cloudfront.net g.doubleclick.net *.doubleclick.net doubleclick.net facebook.com facebook.net analytics.google.com google.ae google.am google.at google.az google.ba google.be google.bg google.bs google.by google.ca google.cd google.cg google.ch google.cl google.cm google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ma google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.com google.com.af google.com.ag google.com.ar google.com.au google.com.bd google.com.bh google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.gh google.com.gt google.com.hk google.com.jm google.com.kw google.com.lb google.com.ly google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.vc google.com.vn google.cz google.de google.dm google.dz google.ee google.es google.fi google.fr google.ge google.gm google.gr google.gy google.hn google.hu google.ie google.iq google.it google.je google.jo google.kg google.kz google.lk google.lt google.lu google.lv google.md google.me google.mn google.mu google.nl google.no google.pl google.ps google.pt google.ro google.ru google.rw google.se google.sk google.so google.sr google.tg google.tt googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com google-analytics.com jsdelivr.net azurewebsites.net blob.core.windows.net *.msn.com msn.com cookielaw.org onetrust.com braintree-api.com paypal.com paypalobjects.com sandbox.braintree-api.com sandbox.paypal.com stats.paypal.com *.pendo.io pendo.io ingest.sentry.io srv.stackadapt.com youtube.com ytimg.com data: blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com *.btttag.com btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com braintreegateway.com sandbox.braintreegateway.com iad-03.braze.com cloudflare.com cloudflareinsights.com *.cloudfront.net cloudfront.net g.doubleclick.net *.doubleclick.net doubleclick.net facebook.com facebook.net analytics.google.com google.ae google.am google.at google.az google.ba google.be google.bg google.bs google.by google.ca google.cd google.cg google.ch google.cl google.cm google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ma google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.com google.com.af google.com.ag google.com.ar google.com.au google.com.bd google.com.bh google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.gh google.com.gt google.com.hk google.com.jm google.com.kw google.com.lb google.com.ly google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.vc google.com.vn google.cz google.de google.dm google.dz google.ee google.es google.fi google.fr google.ge google.gm google.gr google.gy google.hn google.hu google.ie google.iq google.it google.je google.jo google.kg google.kz google.lk google.lt google.lu google.lv google.md google.me google.mn google.mu google.nl google.no google.pl google.ps google.pt google.ro google.ru google.rw google.se google.sk google.so google.sr google.tg google.tt googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com google-analytics.com jsdelivr.net azurewebsites.net blob.core.windows.net *.msn.com msn.com cookielaw.org onetrust.com braintree-api.com paypal.com paypalobjects.com sandbox.braintree-api.com sandbox.paypal.com stats.paypal.com *.pendo.io pendo.io ingest.sentry.io srv.stackadapt.com youtube.com ytimg.com data: blob:; style-src 'self' 'unsafe-inline' *.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com *.btttag.com btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com braintreegateway.com sandbox.braintreegateway.com iad-03.braze.com cloudflare.com cloudflareinsights.com *.cloudfront.net cloudfront.net g.doubleclick.net *.doubleclick.net doubleclick.net facebook.com facebook.net analytics.google.com google.ae google.am google.at google.az google.ba google.be google.bg google.bs google.by google.ca google.cd google.cg google.ch google.cl google.cm google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ma google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.com google.com.af google.com.ag google.com.ar google.com.au google.com.bd google.com.bh google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.gh google.com.gt google.com.hk google.com.jm google.com.kw google.com.lb google.com.ly google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.vc google.com.vn google.cz google.de google.dm google.dz google.ee google.es google.fi google.fr google.ge google.gm google.gr google.gy google.hn google.hu google.ie google.iq google.it google.je google.jo google.kg google.kz google.lk google.lt google.lu google.lv google.md google.me google.mn google.mu google.nl google.no google.pl google.ps google.pt google.ro google.ru google.rw google.se google.sk google.so google.sr google.tg google.tt googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com google-analytics.com jsdelivr.net azurewebsites.net blob.core.windows.net *.msn.com msn.com cookielaw.org onetrust.com braintree-api.com paypal.com paypalobjects.com sandbox.braintree-api.com sandbox.paypal.com stats.paypal.com *.pendo.io pendo.io ingest.sentry.io srv.stackadapt.com youtube.com ytimg.com data: blob:; style-src-elem 'self' 'unsafe-inline' *.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com *.btttag.com btttag.com *.boardsbeyond.com boardsbeyond.com *.bootstrapcdn.com bootstrapcdn.com braintreegateway.com sandbox.braintreegateway.com iad-03.braze.com cloudflare.com cloudflareinsights.com *.cloudfront.net cloudfront.net g.doubleclick.net *.doubleclick.net doubleclick.net facebook.com facebook.net analytics.google.com google.ae google.am google.at google.az google.ba google.be google.bg google.bs google.by google.ca google.cd google.cg google.ch google.cl google.cm google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ma google.co.nz google.co.th google.co.tz google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.com google.com.af google.com.ag google.com.ar google.com.au google.com.bd google.com.bh google.com.bo google.com.br google.com.bz google.com.co google.com.cu google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.gh google.com.gt google.com.hk google.com.jm google.com.kw google.com.lb google.com.ly google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sv google.com.tj google.com.tr google.com.tw google.com.ua google.com.vc google.com.vn google.cz google.de google.dm google.dz google.ee google.es google.fi google.fr google.ge google.gm google.gr google.gy google.hn google.hu google.ie google.iq google.it google.je google.jo google.kg google.kz google.lk google.lt google.lu google.lv google.md google.me google.mn google.mu google.nl google.no google.pl google.ps google.pt google.ro google.ru google.rw google.se google.sk google.so google.sr google.tg google.tt googlesyndication.com gstatic.com *.googleadservices.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com google-analytics.com jsdelivr.net azurewebsites.net blob.core.windows.net *.msn.com msn.com cookielaw.org onetrust.com braintree-api.com paypal.com paypalobjects.com sandbox.braintree-api.com sandbox.paypal.com stats.paypal.com *.pendo.io pendo.io ingest.sentry.io srv.stackadapt.com youtube.com ytimg.com data: blob:; object-src 'none'; frame-ancestors *; upgrade-insecure-requests; 1 default-src 'self' https:; font-src 'self' https: data: https://fonts.googleapis.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: https://d2wy8f7a9ursnm.cloudfront.net https://cdnjs.cloudfront.com https://cdn.pendo.io 'nonce-I5yjKXW4hMGPl1Qfe67tew=='; style-src 'self' https: https://fonts.googlconsole.com 'nonce-I5yjKXW4hMGPl1Qfe67tew==' 1 default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; img-src 'self' *.eff.org data:; connect-src https: 'unsafe-inline' 'unsafe-eval' 'self' data: https://sentry.eff.org/api/2/store/; report-uri https://sentry.eff.org/api/2/security/?sentry_key=f1118ad37b5e4afbabe3487ca42fe73e 1 object-src 'none';base-uri 'self';script-src 'nonce-H0v5L3vwYbPbwtJFPMWYZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src-elem 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ https://www.gstatic.com/ https://secure.data-insight365.com/js/265784.js https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-3470892.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://connect.facebook.net/en_US/fbevents.js https://script.hotjar.com/modules.2de3322c0609a6da3702.js https://connect.facebook.net/signals/config/214369947959115 https://secure.data-insight365.com/Track/Capture.aspx https://connect.facebook.net/signals/config/515690463347689 https://script.hotjar.com/modules.cf637fb03b42388e3bf3.js https://script.hotjar.com/browser-perf.33dcc26815d7481e62e8.js https://script.hotjar.com/modules.12bb18a8ada54a042e86.js https://script.hotjar.com/modules.736847466fb559831017.js https://script.hotjar.com/modules.78e2d84033035343416f.js https://script.hotjar.com/modules.0ef46a83101151841364.js cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com netdna.bootstrapcdn.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://euassets.gulfoilltd.com/ https://script.hotjar.com/modules.0ef46a83101151841364.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com netdna.bootstrapcdn.com; frame-ancestors 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: v2.mtnfeed.com vauth.command.verkada.com *.demdex.net *.facebook.com cdn.inbenta.io 65b80e0ba474e800088c0c12--heuristic-pare-aa03ec.netlify.app use.typekit.net bat.bing.com *.omtrdc.net *.gstatic.com 65f36ba4407d71000885ad04--heuristic-pare-aa03ec.netlify.app cookies.alterramtnco.com pippio.com *.clarity.ms sdk.inbenta.io cdn.cookielaw.org *.doubleclick.net backend.roundshot.com *.everesttech.net assets.pixlee.com www.googletagmanager.com apolloprogram.io crystalmountainresort.roundshot.com adservice.google.com assets.adobedtm.com edge.adobedc.net assets.pxlecdn.com *.adsrvr.org *.facebook.net vc.hotjar.io *.bidr.io idsync.rlcdn.com rum.browser-intake-us3-datadoghq.com session-replay.browser-intake-us3-datadoghq.com *.hotjar.com command.verkada.com 655264f0813f72000819adf1--heuristic-pare-aa03ec.netlify.app www.pages08.net p.typekit.net analytics.google.com media-mammothresorts-com.s3.us-west-2.amazonaws.com www.inntopia.travel mtnpowder.com s3.amazonaws.com www.datadoghq-browser-agent.com www.sc.pages08.net code.createjs.com *.onetrust.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com https://fonts.googleapis.com https://popsql.com https://popsql.com ; frame-src 'self' https://intercom-sheets.com https://vercel.live ; media-src 'self' blob: ; script-src 'self' 'unsafe-inline' https://popsql.com https://popsql.com http://cdn.mxpnl.com http://fast.wistia.com http://static.asayer.io http://www.google-analytics.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://assets.customer.io https://cdn.koala.live https://cdn.segment.com https://cmp.osano.com https://js-na1.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.intercomcdn.com https://snap.licdn.com https://static.asayer.io https://vercel.live https://widget.intercom.io https://www.redditstatic.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com ; worker-src 'self' blob: ; 1 font-src fonts.gstatic.com *.thron.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.iubenda.com *.thron.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com cdn.rawgit.com/googlemaps/ cdn.jsdelivr.net/gh/googlemaps/ *.iubenda.com *.thron.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com *.iubenda.com *.thron.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.thron.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.thron.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com https://configure-staging.arper.com maps.googleapis.com *.iubenda.com *.thron.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://configure-staging.arper.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';script-src 'self' 'nonce-RVxj0rHbWdDNMg+TkbiWUqnL' *.travcorpservices.com/ https://www.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.gstatic.com https://googleads.g.doubleclick.net https://api.feefo.com https://register.feefo.com https://bat.bing.com https://cdn.evgnet.com https://connect.facebook.net https://i.clarity.ms https://static-ssl.responsetap.com *.hotjar.com/ https://tag.simpli.fi https://unpkg.com https://www.bugherd.com https://www.datadoghq-browser-agent.com https://assetscdn.stackla.com/media/js/ https://vjs.zencdn.net https://cdn.amplitude.com/libs/ https://sdk.joinsherpa.io https://apps.mypurecloud.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://ttc-contiki.entry.promo https://cdn.optimizely.com https://www.riddle.com;style-src 'self' 'unsafe-inline' https://assetscdn.stackla.com/media/components/stackla-uikit/dist/ https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;img-src 'self' https://bat.bing.com https://c.clarity.ms https://i.ytimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.uplift-platform.com;frame-src 'self' https://10006172.fls.doubleclick.net https://uplift-cdn-stg.uplift.com https://vars.hotjar.com https://widget.stackla.com https://www.google.com https://apps.joinsherpa.io;font-src 'self' https://assetscdn.stackla.com https://fonts.gstatic.com https://use.typekit.net https://vjs.zencdn.net https://apps.mypurecloud.com;connect-src 'self' *.travcorpservices.com/ *.travcorp.com/ *.corp.ttc:7443/ https://api.feefo.com https://bat.bing.com https://in.hotjar.com https://ws11.hotjar.com/api/ https://l.clarity.ms https://metrics.responsetap.com/infinity/ https://noembed.com https://pm-mrkt.prodgw.uplift-platform.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://ttctravel.germany-2.evergage.com https://www.facebook.com https://www.google-analytics.com 1 default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.luckyorange.com *.elfsight.com *.googletagmanager.com *.facebook.net *.google-analytics.com *.googleadservices.com *.ads-twitter.com *.bing.com *.clickcease.com *.g.doubleclick.net blob: *.clarity.ms includestest.ccdc02.com *.google.com *.twitter.com t.co *.adroll.com *.gstatic.com *.nr-data.net *.newrelic.com;object-src 'none';style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.support.vmedia.ca *.luckyorange.com *.myfonts.net;img-src 'self' *;media-src 'self' *;frame-src 'self' *.google.com *.g.doubleclick.net *.facebook.com;font-src 'self' *;connect-src 'self' *.luckyorange.com *.elfsight.com *.google-analytics.com *.g.doubleclick.net *.uc.r.appspot.com wss://in.visitors.live wss://realtime.luckyorange.com public-auth-dot-lucky-orange.appspot-preview.com *.clarity.ms *.googleapis.com *.postescanada-canadapost.ca *.facebook.com *.googleadservices.com bat.bing.com sentry.io bam-cell.nr-data.net;report-uri /WebResource.axd?cspReport=true 1 default-src https: 'unsafe-inline' 'unsafe-eval' data: about: blob: wss://*.tawk.to; report-uri /_resources/php/csp-report.php 1 report-to slardar-endpoint; script-src 'unsafe-eval' 'report-sample' 'nonce-80b49e00838983bd4562951ae813451c-argus' 'strict-dynamic'; 1 font-src *.cloudflare.com *.youtube.com *.twitter.com *.gstatic.com *.typekit.net *.mail.ru *.twimg.com *.trustedshops.com *.googleapis.com data: *.flocktory.com *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.youtube.com *.chatra.io *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.twitter.com *.youtube.com *.yandex.md *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my *.google.com gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.yandex.md *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my *.google.com gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.cloudflare.com *.youtube.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.nr-data.net *.mail.ru *.googletagmanager.com *.bi.owox.com *.google.com *.google.ru *.flocktory.com *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com vk.com *.maps.yandex.net *.yandex.ru *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.youtube.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.newrelic.com *.nr-data.net *.omtrdc.net *.googletagmanager.com *.jsdelivr.net *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com vk.com *.api-maps.yandex.ru *.suggest-maps.yandex.ru *.maps.yandex.net *.yandex.ru https://yastatic.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.youtube.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jsdelivr.net *.flocktory.com *.mail.ru *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.youtube.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.nr-data.net *.mail.ru *.dadata.ru *.demdex.net *.ipify.org *.yandex.ru ymetrica1.com *.bi.owox.com *.google.com *.yandex.md *.flocktory.com *.chatra.io *.adhigh.net *.weborama.fr *.acstat.com *.advcake.com *.cnt.my gdeslon.ru *.gdeslon.ru *.indoleads.com *.vk.com stats.g.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com 'unsafe-inline' data: *.listrakbi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.fontawesome.com *.livehelpnow.net *.listrakbi.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com *.livehelpnow.net *.listrakbi.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.fontawesome.com *.listrakbi.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-KUoKQPWQmJBvym_1Jz6G0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.candid-io.site44.com *.typekit.net data: https://fonts.googleapis.com *.hotjar.com *.digitalgenius.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://ct.pinterest.com 'self' javascript: 'unsafe-inline' javascript: 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magento-cloudflare.jetrails.com www.youtube.com *.getcandid.com *.vimeo.com *.zohopublic.com *.candid-io.site44.com *.googleapis.com *.hotjar.com *.pinterest.com https://connect.chargelogic.com https://www.google.com https://eazyform.app *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com ct.pinterest.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ytimg.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twimg.com *.getcandid.com *.azureedge.net *.arteriorshome.com *.cdninstagram.com *.candid.io https://forms.hsforms.com https://forms-na1.hsforms.com https://candid-io.site44.com https://bam.nr-data.net https://track.hubspot.com *.userway.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com *.avada.io *.cloudflare.com *.google-analytics.com *.google.com *.typekit.net *.fontawesome.com *.hsforms.net *.hsforms.com *.nr-data.net *.newrelic.com *.getcandid.com *.netdna-ssl.com *.jquery.com *.candid-io.site44.com *.hotjar.com https://maxcdn.bootstrapcdn.com *.digitalgenius.com https://cdn.jsdelivr.net https://eazyform.app https://js.hs-scripts.com *.hscollectedforms.net *.noibu.com *.pingdom.net https://js.hs-analytics.net https://js.hs-banner.com https://rum-static.pingdom.net https://cdn.noibu.com/collect.js *.userway.org https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com *.hotjar.com *.cloudflare.com *.googleapis.com *.twimg.com *.gstatic.com *.typekit.net *.getcandid.com *.fontawesome.com *.candid-io.site44.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com ct.pinterest.com https://www.arteriorshome.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com www.apptrian.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io *.cloudflare.com *.candid-io.site44.com *.nr-data.net *.hsforms.net *.hsforms.com *.azureedge.net *.getcandid.com *.hotjar.com *.js.hs-banner.com *.noibu.com *.pingdom.net *.hscollectedforms.net wss://input.noibu.com *.dgdeepai.com *.userway.org https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-nC-uFpZF3pElAz96BRXw4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https: data: sentry.io; script-src 'self' 'self' https: data: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com; style-src 'self' https: 'unsafe-inline' cdn.materialdesignicons.com; img-src 'self' data: blob: *.knownorigin.io ko-blog-assets.imgix.net firebasestorage.googleapis.com translate.googleapis.com storage.googleapis.com user-profile-images-cdn-bucket.storage.googleapis.com www.google.com www.google.co.uk www.google.co.tz www.google.rw www.google.co.zw www.google.com.jm www.google.com.kw www.google.com.mm www.google.com.tj www.google.tt www.google.so www.google.cm www.google.gl www.google.vu analytics.google.com storage.cloud.google.com *.google-analytics.com www.googletagmanager.com fonts.gstatic.com alb.reddit.com www.facebook.com analytics.twitter.com t.co stats.g.doubleclick.net ipfs.infura.io reneil.eth.link registry.walletconnect.com script.hotjar.com yastatic.net connect.facebook.net ipfs.infura.io js.intercomcdn.com syndication.twitter.com downloads.intercomcdn.com static.intercomassets.com images.squarespace-cdn.com cdn.jsdelivr.net ct.pinterest.com cdn.cookielaw.org; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net fonts.intercomcdm.com at.alicdn.com script.hotjar.com use.typekit.net cdn.materialdesignicons.com cdn.megabonus.com fonts.intercomcdn.com rsms.me; connect-src 'self' properties: https: data: ipfs: blob: wss: *.intercom.io stats.g.doubleclick.net; worker-src 'self' https: blob:; media-src 'self' https: blob:; child-src 'self' https: blob:; report-uri https://o4504282778632192.ingest.sentry.io/api/4504283174666240/security/?sentry_key=4543d5feb32c40059b2d574493fcebb7&sentry_environment=production 1 default-src 'self' blob: wss: data: https:; img-src 'self' data: blob: https: android-webview-video-poster android-webview https://assets.badenova.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: https://www.googletagmanager.com https://connect.facebook.net; script-src-elem 'self' 'unsafe-inline' https: https://cdn.tagcommander.com https://connect.facebook.net https://widgets.trustedshops.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://static.badenova.de; connect-src 'self' wss: https:; style-src 'self' 'unsafe-inline' data: https:; frame-src 'self' data: https:; report-uri https://o569815.ingest.sentry.io/api/5716003/security/?sentry_key=ba1ca883ccf34f2db27be1ed29aedfa3 1 object-src 'none';base-uri 'self';script-src 'nonce-A9KUbsAPrglHf0KdvmLHXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mFN5tkiAmAWB-lzER3XF0g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.google.com *.gstatic.com *.cloudfront.net *.amazonaws.com *.klevu.com *.fontawesome.com *.googleapis.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.bazaarvoice.com *.ksearchnet.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.amazonaws.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com *.gstatic.com www.facebook.com *.googletagmanager.com *.googleapis.com *.amazonaws.com *.paypalobjects.com www.paypalobjects.com amc.demdex.net fast.amc.demdex.net bid.g.doubleclick.net nsg.symantec.com *.hotjar.com www.youtube.com www.pinterest.com *.twitter.com *.socialannex.net *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com https://nytrng.com/ *.attn.tv *.guarantee-cdn.com ssl.kaptcha.com *.fls.doubleclick.net *.paypal.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.google.com *.klevu.com bat.bing.com *.gstatic.com www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.google.co.in *.amazonaws.com dpm.demdex.net amc.demdex.net *.visualwebsiteoptimizer.com *.powerreviews.com *.cloudfront.net nsg.symantec.com *.wpengine.com www.googletagmanager.com cdn.socialannex.com *.cloudinary.com *.gravatar.com *.adobedtm.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.trackedlink.net *.b0e8.com *.guarantee-cdn.com *.clarity.ms *.bing.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com *.shop.pe wt.rqtrk.eu id5-sync.com *.payments-amazon.com guarantee-cdn.com 'self' blob: *.hotjar.com https://bttrack.com *.paypalobjects.com *.googlesyndication.com *.doubleclick.net *.hubspot.com graph.facebook.com business.facebook.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com bat.bing.com *.gstatic.com *.klevu.com www.facebook.com *.cloudfront.net googleads.g.doubleclick.net *.powerreviews.com unpkg.com *.visualwebsiteoptimizer.com *.amazonaws.com *.googletagmanager.com *.googleapis.com js-agent.newrelic.com nsg.symantec.com a.opmnstr.com bam.nr-data.net bam-cell.nr-data.net cdn.socialannex.com *.hotjar.com *.instagram.net cdn.plyr.io stackpath.bootstrapcdn.com dn.jsdelivr.net code.jquery.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.bc0a.com cdn.attn.tv guarantee-cdn.com cdn.b0e8.com *.clarity.ms https://www.google-analytics.com *.lfeeder.com https://shop.pe *.shop.pe wt.rqtrk.eu cdn.id5-sync.com *.blackcrow.ai *.bttrack.com https://bttrack.com *.google.co.in *.googleadservices.com *.authorize.net *.paypal.com www.youtube.com analytics.tiktok.com tpc.googlesyndication.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.kaptcha.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com display.ugc.bazaarvoice.com *.google.com *.klevu.com *.powerreviews.com *.gstatic.com *.cloudfront.net *.amazonaws.com stats.g.doubleclick.net www.google-analytics.com *.socialannex.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com *.hotjar.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google.com bat.bing.com *.gstatic.com *.amazonaws.com *.paypal.com *.googletagmanager.com *.googleapis.com *.dotdigital.com dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com stats.g.doubleclick.net get.geojs.io *.powerreviews.com api.omappapi.com *.wpengine.com bam.nr-data.net bam-cell.nr-data.net stats.ksearchnet.com *.ksearchnet.com *.demdex.net *.socialannex.com *.visualwebsiteoptimizer.com *.amplighting.com amplighting.com voltlighting.com *.voltlighting.com www.facebook.com *.bc0a.com *.clarity.ms *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.lfeeder.com https://shop.pe *.shop.pe *.attn.tv events.attentivemobile.com *.hotjar.com https://google.com lb.eu-1-id5-sync.com id5-sync.com *.hotjar.io wss://*.hotjar.com *.blackcrow.ai https://bttrack.com *.authorize.net analytics.tiktok.com webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.klevu.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.voltlighting.com/; report-to report-endpoint; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://seo.mageplaza.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com *.richcall.io *.getflowbox.com *.hotjar.com creativecdn.com *.cookiebot.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.multisafepay.com https://pay.google.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com *.cloudfront.net *.hipex.cloud *.bing.com *.cheqzone.com *.pinterest.com *.clarity.ms *.yahoo.com *.criteo.net *.criteo.com *.datatrics.com *.meubelo.nl *.multisafepay.com *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com *.richcall.io *.getflowbox.com *.cookiebot.com *.pinimg.com *.criteo.net *.hotjar.com *.zdassets.com *.bing.com *.cheqzone.com *.clarity.ms *.criteo.com *.datatrics.com unpkg.com *.unpkg.com *.adcalls.nl *.meubelo.nl 'self' data: *.multisafepay.com https://pay.google.com *.googleapis.com *.fontawesome.com *.avada.io *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.multisafepay.com *.google.com *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com *.zdassets.com *.meubelo.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com www.apptrian.com *.richcall.io *.getflowbox.com *.zendesk.com *.zdassets.com *.pinterest.com *.clarity.ms *.cheqzone.com *.hotjar.com *.zopim.com *.datatrics.com *.doubleclick.net *.adcalls.nl wss://widget-mediator.zopim.com/ *.meubelo.nl 'unsafe-inline' data: 'unsafe-inline' blob: *.multisafepay.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src *.richcall.io *.getflowbox.com *.meubelo.nl http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 child-src blob:; frame-src ct.pinterest.com www.facebook.com vars.hotjar.com 8978011.fls.doubleclick.net player.vimeo.com td.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' pylotprod.mooseknucklescanada.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com static.zdassets.com cdn.listrakbi.com connect.facebook.net ajax.googleapis.com s1.listrakbi.com mooseknucklescanada1654097205.zendesk.com at1.listrakbi.com *.yotpo.com script.hotjar.com static.doubleclick.net static.hotjar.com www.google-analytics.com www.youtube.com onsite-api.listrak.com mooseknuckles.attn.tv ct.pinterest.com maps.googleapis.com na-library.playground.klarnaservices.com www.gstatic.com www.recaptcha.net x.klarnacdn.net widget-mediator.zopim.com www.paypal.com player.vimeo.com sitegainer.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com cdnjs.cloudflare.com na-library.klarnaservices.com bat.bing.com www.clarity.ms www.gstatic.cn www.google.ca www.google.com unpkg.zhimg.com cdn.mcfarland.cn v.mcfarland.cn show-3.mediav.com 1.safecdn01.com cdn.cqxcbb.cn www.paypalobjects.com tpc.googlesyndication.com ssl.google-analytics.com out.adyen.com bl.listrakbi.com cdn4.forter.com *.cdn4.forter.com t.contentsquare.net app.contentsquare.com 8978011.fls.doubleclick.net vars.hotjar.com www.facebook.com s.apprl.com cdn.noibu.com gtm.mooseknucklescanada.com analytics.tiktok.com onsite-api.listrakbi.com; worker-src blob: www.mooseknucklescanada.com; report-uri /.webscale/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-FDbzU8vruwxIHH0AE8b1Lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com https://w.usabilla.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://www.google-analytics.com https://www.googletagmanager.com https://siteimproveanalytics.com https://w.usabilla.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://w.usabilla.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.provincie-utrecht.nl/report-uri/reportOnly 1 font-src *.fontawesome.com *.gstatic.com https://fonts.gstatic.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.trustedshops.com *.typekit.net *.s3.amazonaws.com *.doogma.com https://sourpatchkids.com *.sourpatchkids.com *.onlinewebfonts.com http://db.onlinewebfonts.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.snapchat.com *.facebook.com *.bolt.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com/ https://privacyportalde-cdn.onetrust.com/ 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com *.snapchat.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com *.twitter.com *.doubleclick.net *.snapchat.com *.sandbox.paypal.com *.kaptcha.com *.demdex.net *.sourpatchkids.com 'self' data: 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' 'unsafe-inline' www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.gstatic.com *.cloudflare.com *.twitter.com www.google.com bid.g.doubleclick.net *.twimg.com *.usercentrics.eu *.lytics.io *.amazonaws.com *.klarna.com *.ytimg.com *.lightemporium.com *.google.co.in *.doogma.com *.doubleclick.net *.sourpatchkids.com https://sourpatchkids.com *.gstatic.com amasty.com *.aptrinsic.com storage.googleapis.com https://mageme.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doogma.com *.lytics.io *.tiktok.com *.amazonaws.com https://acsbap.com/apps/app/assets/js/acsb.js https://acsbapp.com/apps/app/assets/js/acsb.js https://ss.click2cart.com/assets/js/smartcart_min.js https://sc-static.net/scevent.min.js https://sc-static.net/js-sha256-v1.min.js https://cdne2im.doogma.com/smartmobile-v2/loader.js *.klaviyo.com 'self' 'unsafe-inline' https://www.googletagmanager.com tagmanager.google.com https://cdne2im.doogma.com/ https://www.googleoptimize.com/ https://www.mczbf.com/ https://tr.snapchat.com/ *.aptrinsic.com http://cdne2im.doogma.com/ https://privacyportalde-cdn.onetrust.com/ https://static.ads-twitter.com/ 'self' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.doogma.com *.lytics.io *.amazonaws.com *.usercentrics.eu *.typekit.net *.promo.eprize.com *.myfonts.net *.merkleinc.com *.onlinewebfonts.com tagmanager.google.com *.aptrinsic.com fonts.googleapis.com https://click2cart.co/ https://maxcdn.bootstrapcdn.com/ https://privacyportalde-cdn.onetrust.com/ 'self' 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.klaviyo.com/ *.doogma.com *.acsbapp.com *.doubleclick.net *.snapchat.com *.tiktok.com https://www.google-analytics.com https://www.mczbf.com/ *.aptrinsic.com https://click2cart.co/ https://sc-api.click2cart.com/ https://privacyportalde-cdn.onetrust.com/ https://privacyportal-de.onetrust.com/request/v1/privacyNotices/stats/views 'self' 'unsafe-inline' 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; child-src 'self'; connect-src 'self' https://*.stickerapp.com https://j99h97vrz5.kameleoon.eu https://data.kameleoon.io https://checkoutshopper-live.adyen.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://*.google.com https://adservice.google.com https://*.adservice.google.com https://googleadservices.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://fast.a.klaviyo.com https://a.klaviyo.com https://static-forms.klaviyo.com https://stats.g.doubleclick.net https://node.fileapp.io https://tools.fileapp.io https://www.paypal.com https://www.facebook.com https://d6ce0no7ktiq.cloudfront.net https://translate.googleapis.com https://bat.bing.com https://analytics.tiktok.com https://px.ads.linkedin.com https://script.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://analytics.stickerapp.se https://analytics.stickerapp.dk https://analytics.stickerapp.co.uk https://analytics.stickerapp.de https://analytics.stickerapp.no https://analytics.stickerapp.nl https://analytics.stickerapp.fi https://analytics.stickerapp.com https://analytics.stickerapp.it https://analytics.stickerapp.fr https://analytics.stickerapp.jp https://analytics.stickerapp.es https://analytics.stickerapp.pt https://analytics.stickerapp.pl; default-src 'self'; font-src 'self' https://d6ce0no7ktiq.cloudfront.net https://use.typekit.net https://fonts.gstatic.com https://static.klaviyo.com https://cdnjs.cloudflare.com 'self' data:; form-action 'self' https://checkoutshopper-live.adyen.com https://www.facebook.com; frame-src https://www.youtube.com https://www.google.com https://www.gstatic.com https://player.vimeo.com https://www.googletagmanager.com https://td.doubleclick.net https://bid.g.doubleclick.net https://checkoutshopper-live.adyen.com https://www.paypal.com https://www.paypalobjects.com https://www.facebook.com; img-src 'self' data: https://*.stickerapp.com https://s3-eu-west-1.amazonaws.com https://s3.eu-west-1.amazonaws.com https://d6ce0no7ktiq.cloudfront.net https://checkoutshopper-live.adyen.com https://fileapp-eu-north-1.s3.eu-north-1.amazonaws.com https://fileapp-eu-central-1.s3.eu-central-1.amazonaws.com https://fileapp-us-east-1.s3.us-east-1.amazonaws.com https://fileapp-us-west-1.s3.us-west-1.amazonaws.com https://fileapp-ap-southeast-2.s3.ap-southeast-2.amazonaws.com https://fileapp-ap-northeast-1.s3.ap-northeast-1.amazonaws.com https://www.google.se https://www.paypalobjects.com https://t.paypal.com https://www.googleadservices.com https://www.facebook.com https://*.googlesyndication.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://google.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://connect.facebook.net https://i.ytimg.com https://translate.googleapis.com https://bat.bing.com https://px.ads.linkedin.com https://d3k81ch9hvuctc.cloudfront.net https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://analytics.stickerapp.se https://analytics.stickerapp.dk https://analytics.stickerapp.co.uk https://analytics.stickerapp.de https://analytics.stickerapp.no https://analytics.stickerapp.nl https://analytics.stickerapp.fi https://analytics.stickerapp.com https://analytics.stickerapp.it https://analytics.stickerapp.fr https://analytics.stickerapp.jp https://analytics.stickerapp.es https://analytics.stickerapp.pt https://analytics.stickerapp.pl; object-src 'self'; script-src 'self' self 'unsafe-inline' 'unsafe-eval' https://j99h97vrz5.kameleoon.eu https://www.google.com https://www.gstatic.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://d6ce0no7ktiq.cloudfront.net https://static.klaviyo.com https://static-tracking.klaviyo.com https://googleads.g.doubleclick.net https://www.paypal.com https://www.googleadservices.com https://connect.facebook.net https://pagead2.googlesyndication.com https://www.paypalobjects.com https://translate-pa.googleapis.com https://www.google-analytics.com https://bat.bing.com https://www.dwin1.com https://snap.licdn.com https://script.crazyegg.com https://analytics.tiktok.com; style-src 'self' self 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://static-tracking.klaviyo.com https://static.klaviyo.com https://www.gstatic.com; report-uri https://api.stickerapp.com/log/csp_report; 1 font-src *.typography.com *.listrakbi.com *.espssl.com/ *.livechatinc.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.livechatinc.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.bing.com *.google.com *.facebook.com *.kaptcha.com *.criteo.com *.criteo.net *.doubleclick.net *.trustpilot.com *.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com *.bing.com *.google.com *.facebook.com *.listrakbi.com *.stickyadstv.com *.criteo.com *.tapad.com *.pubmatic.com *.bidswitch.net *.revcontent.com *.addthis.com *.clmbtech.com *.smaato.net *.smartadserver.com *.liadm.com *.postrelease.com *.tremorhub.com *.emxdgt.com *.taboola.com *.sharethrough.com *.360yield.com *.mediavine.com *.yieldmo.com *.outbrain.com *.3lift.com *.media.net *.casalemedia.com *.teads.tv *.adnxs.com *.turn.com pippio.com *.rlcdn.com *.agkn.com *.company-target.com *.bluekai.com *.krxd.net *.rubiconproject.com *.opera.com *.yahoo.com *.jivox.com *.doubleclick.net *.1rx.io *.adsymptotic.com *.nextdoor.com *.tpmn.co.kr *.mediawallahscript.com *.adscale.de *.yieldlab.net *.socdm.com *.omnitagjs.com *.ivitrack.com *.contextweb.com *.rqtrk.eu *.livechatinc.com *.hdis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typography.com *.ywxi.net *.trustpilot.com *.googletagmanager.com *.google-analytics.com *.bing.com *.kaptcha.com *.pepperjam.com *.listrakbi.com *.criteo.com *.criteo.net *.facebook.net *.doubleclick.net *.nextdoor.com *.clarity.ms *.livechatinc.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.typography.com *.listrakbi.com *.espssl.com/ *.livechatinc.com *.hdis.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazonaws.com *.kaptcha.com *.listrakbi.com *.listrak.com *.doubleclick.net *.criteo.com *.google-analytics.com *.clarity.ms *.facebook.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com accounts.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com accounts.google.com https://accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com accounts.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.livechatinc.com email.filmtools.com *.contivio.com *.akamaized.net use.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.shopperapproved.com *.facebook.com email.filmtools.com *.punchout2go.com *.tradecentric.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com *.facebook.com *.eventbrite.com docs.google.com *.livechatinc.com email.filmtools.com *.weltpixel.com *.punchout2go.com *.tradecentric.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca *.trackedlink.net https://www.shopperapproved.com *.payments-amazon.com *.amazon-adsystem.com *.filmtools.com *.facebook.net *.facebook.com maps.googleapis.com maps.gstatic.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com assets.instantsearchplus.com ping-dot-acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.shopperapproved.com https://direct.shopperapproved.com *.livechatinc.com connect.facebook.net *.eventbrite.com *.zmags.com bam.nr-data.net email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com acp-magento.appspot.com ping-dot-acp-magento.appspot.com https://unpkg.com *.punchout2go.com *.tradecentric.com https://www.googletagmanager.com tagmanager.google.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.zmags.com email.filmtools.com *.contivio.com *.shopperapproved.com *.answerbase.com *.akamaized.net *.fastsimon.com use.fontawesome.com *.punchout2go.com *.tradecentric.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com email.filmtools.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.doubleclick.net maps.googleapis.com *.zmags.com bam.nr-data.net *.livechatinc.com email.filmtools.com *.shopperapproved.com *.answerbase.com *.akamaized.net *.fastsimon.com https://www.google-analytics.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; font-src 'self' data:; img-src 'self' data:; script-src 'self'; style-src 'self'; report-uri https://teratorium.uriports.com/reports/report; report-to default 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.benjaminairguns.com *.centerpointarchery.com *.cloudflare.com *.cloudmaestro.com *.crosman.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.sezzle.com *.youtube.com acsbapp.com cdn.cookielaw.org cdn.jsdelivr.net cdn.sitesearch360.com cloudflare.com code.jquery.com fontawesome.com forms.hsforms.com googleapis.com jquery.com js.hsforms.net jsdelivr.net jstest.authorize.net kit.fontawesome.com mczbf.com unpkg.com www.googlecommerce.com www.gstatic.com www.mczbf.com js.sitesearch360.com js.hs-scripts.com js.hsleadflows.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net googleads.g.doubleclick.net js.hsadspixel.net static.hotjar.com c1.rfihub.net script.hotjar.com *.clarity.ms bat.bing.com *.ravincrossbows.com js.usemessages.com js.authorize.net plugins.experticity.com *.googlesyndication.com *.vimeo.com stockist.co ravincrossbows.com www.ravincrossbows.com *.elfsight.com widget.tagembed.com *.helloextend.com *.sharethis.com js.smct.io smct.co cdn.ckeditor.com *.envolvetech.com *.googlecommerce.com *.tiktok.com *.iubenda.com *.stamped.io *.tailwindcss.com *.mountain.com vimeo.com *.klaviyo.com *.incontact.com home-c9.incontact.com *.redditstatic.com js.smct.co delivery.gettopple.com static.klaviyo.com static-tracking.klaviyo.com facebook.com; style-src 'self' 'unsafe-inline' *.benjaminairguns.com *.centerpointarchery.com *.crosman.com *.googleapis.com *.sezzle.com acsbapp.com cdn.cookielaw.org cdn.jsdelivr.net forms.hsforms.com js.hsforms.net jstest.authorize.net mczbf.com unpkg.com www.mczbf.com cdn.sitesearch360.com *.typekit.net js.sitesearch360.com js.hs-scripts.com js.hsleadflows.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net googleads.g.doubleclick.net js.hsadspixel.net static.hotjar.com c1.rfihub.net script.hotjar.com *.clarity.ms bat.bing.com *.ravincrossbows.com ravincrossbows.com www.ravincrossbows.com *.bootstrapcdn.com *.stamped.io *.smct.io *.tailwindcss.com vimeo.com *.klaviyo.com cdn.ckeditor.com; report-uri /.webscale/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-NxdPtb4Utn6mXOLmUmWVnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'unsafe-eval' 'unsafe-inline' blob blob: data: https: wss:; block-all-mixed-content; report-uri /csp.php?h=f743080d&v=4 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com *.facebook.net www.cartaoriocard.com.br *.googleapis.com ssl.google-analytics.com newassets.hcaptcha.com *.doubleclick.net www.riocard.com cdn.cookielaw.org analytics.google.com www.googletagmanager.com s3.amazonaws.com www.google.com riocard-crr-5339.twil.io adservice.google.com *.riocardmais.com.br *.licdn.com use.typekit.net www.google.com.br *.linkedin.com www.youtube.com *.onetrust.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self'; connect-src 'self' *.chase.com cdn.cookielaw.org geolocation.onetrust.com *.google-analytics.com static.chasecdn.com analytics.google.com; font-src 'self' data: fonts.gstatic.com static.chasecdn.com www.chase.com use.typekit.net; frame-src 'self' www.youtube.com platform.twitter.com player.vimeo.com; img-src 'self' blob: data: frosch.com cdn.cookielaw.org *.google-analytics.com www.googletagmanager.com i.ytimg.com *.bp.blogspot.com *.googleusercontent.com; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.chase.com www.google.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' cdn.cookielaw.org www.chase.com www.google.com *.google-analytics.com www.googletagmanager.com ajax.googleapis.com cdnjs.cloudflare.com connect.facebook.net platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.cookielaw.org www.chase.com www.google.com www.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com p.typekit.net; worker-src blob:; report-uri https://www.frosch.com/collector.php 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: browser-update.org share.transistor.fm scor.matomo.cloud a.tile.openstreetmap.org www.youtube.com b.tile.openstreetmap.org c.tile.openstreetmap.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 img-src https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://higherlogicstream.s3.amazonaws.com/AAPOS/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AAPOS/ https://higherlogicdownload.s3.amazonaws.com/AAPOS/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AAPOS/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 default-src https: wss://ws.tsarvar.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1 font-src fonts.gstatic.com use.typekit.net https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com fonts.googleapis.com cl.avis-verifies.com https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com v2.zopim.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ *.pagaleve.io *.pagaleve.com.br gum.criteo.com static.criteo.net *.google.com vars.hotjar.com www.facebook.com platform.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.pagaleve.com.br *.cloudflare.com s3.amazonaws.com v2.zopim.com static.bringit.com.br www.facebook.com px.ads.linkedin.com *.ads.linkedin.com www.google.com.br p.adsymptotic.com forms.hsforms.com track.hubspot.com *.paypal.com https://s.ytimg.com via.placeholder.com newimgebit-a.akamaihd.net api.siteblindado.com cl.avis-verifies.com cm.everesttech.net bat.bing.com x.bidswitch.net cm.g.doubleclick.net ib.adnxs.com r.casalemedia.com ad.360yield.com contextual.media.net exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com pixel.rubiconproject.com dis.criteo.com criteo-sync.teads.tv gum.criteo.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com usersync.octillion.tv match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com eb2.3lift.com ups.analytics.yahoo.com ad.yieldlab.net tg.socdm.com visitor.omnitagjs.com ads.stickyadstv.com matching.ivitrack.com c.bing.com trends.revcontent.com s.ad.smaato.net ade.clmbtech.com tags.bluekai.com accounts.google.com www.mercadolivre.com www.bringit.com.br conectiva.io pinterest.com assets.pinterest.com syndication.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com tagmanager.google.com https://www.googletagmanager.com *.pagaleve.com.br *.cloudflare.com static.bringit.com.br static.criteo.net snap.licdn.com www.dwin1.com tag.rmp.rakuten.com js.hs-scripts.com/ *.onesignal.com imgs.ebit.com.br selo.siteblindado.com *.google.com static.zdassets.com googletagmanager.com v2.zopim.com d10lpsik1i8c69.cloudfront.net s3.amazonaws.com js.hscollectedforms.net js.hs-banner.com cdn.onesignal.com onesignal.com js.hsadspixel.net js.hs-analytics.net js-agent.newrelic.com bam.nr-data.net g2w.cloudnexcore.com.br g2w.cloudnexcore.com.br:3002/nchatsdk.js bat.bing.com static.hotjar.com script.hotjar.com *.gstatic.com sslwidget.criteo.com device.clearsale.com.br *.cartstack.com.br conectiva.io *.demoup.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com static.bringit.com.br snap.licdn.com www.dwin1.com tag.rmp.rakuten.com js.hs-scripts.com/ onesignal.com googleads.g.doubleclick.net www.google-analytics.com imgs.ebit.com.br selo.siteblindado.com static.zdassets.com googletagmanager.com v2.zopim.com d10lpsik1i8c69.cloudfront.net s3.amazonaws.com js.hscollectedforms.net js.hs-banner.com cdn.onesignal.com js.hsadspixel.net js.hs-analytics.net js-agent.newrelic.com *.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.jsdelivr.net *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.bringit.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com https://www.google-analytics.com *.cloudflare.com static.bringit.com.br iosite.reclameaqui.com.br ekr.zdassets.com *.zopim.com widget-mediator.zopim.com settings.luckyorange.net stats.g.doubleclick.net forms.hubspot.com api.hubapi.com awsapis3.netreviews.eu *.paypal.com bam.nr-data.net *.mercadolibre.com in.hotjar.com api.performa.ai *.siteblindado.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://apisandbox.cieloecommerce.cielo.com.br/ https://apiquerysandbox.cieloecommerce.cielo.com.br/ https://api.cieloecommerce.cielo.com.br/ https://apiquery.cieloecommerce.cielo.com.br/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-XEhYzoeDZLhr-e7aL4oQ2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JsYx1x14OmnMGhztlTLE_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-GfyCSstd1x6J4qxL7RGIug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-HldjN7WYWG6oUmgnaTyTQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; img-src 'self' ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net res.cloudinary.com data: *.google.com www.google-analytics.com www.facebook.com www.google.co.uk bam-cell.nr-data.net www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net *.ximasoftware.com my.minnesotaorchestra.org *.googletagmanager.com *.amazonaws.com *.newrelic.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net bam-cell.nr-data.net www.google.com/pagead/conversion_async.js; script-src-elem 'self' 'unsafe-inline' *.gstatic.com *.nr-data.net *.google.com minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net *.ximasoftware.com *.googletagmanager.com *.amazonaws.com *.newrelic.com www.googleadservices.com googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net bam-cell.nr-data.net my.minnesotaorchestra.org; style-src 'self' 'unsafe-inline' *.typekit.net *.ximasoftware.com minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net; style-src-elem 'self' 'unsafe-inline' *.typekit.net *.ximasoftware.com minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net; font-src 'self' *.typekit.net minnesota-orchestra.s3.eu-west-1.amazonaws.com ddvadk8a7qlv6.cloudfront.net d3dznqlyykxbqi.cloudfront.net d14bnm3v6f1aqe.cloudfront.net; connect-src 'self' sqs.us-east-1.amazonaws.com *.google-analytics.com my.minnesotaorchestra.org api.swiftype.com *.ximasoftware.com analytics.google.com bam-cell.nr-data.net bam.nr-data.net *.doubleclick.net www.google-analytics.com www.facebook.com; media-src 'self' *.ximasoftware.com; frame-src 'self' *.google.com *.doubleclick.net open.spotify.com; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.facebook.net www.googletagmanager.com *.gstatic.com region1.google-analytics.com *.cne.gob.ec www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-tyIFxqE-Mf517hmeQtUGTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.uk www.google.com www.google.com.co playerserver.walkme.com service.maxymiser.net dc.services.visualstudio.com region1.analytics.google.com cdn.walkme.com www.google.com.ph www.google.es www.google.com.do customer.experience.cemex.com *.hotjar.com ec.walkme.com www.google.com.pa cemex.count.ly c.contentsquare.net www.google-analytics.com conf.rollout.io img04.en25.com www.google.ae *.facebook.com *.doubleclick.net www.google.pl ec-playback.walkme.com *.bluekai.com jqtmdiy716.execute-api.us-east-1.amazonaws.com *.eloqua.com cdn.agentbot.net papi.walkme.com conversation-user.aivo.co *.azure-api.net count.personyze.com cdn.personyze.com sentry.aivo.co csxd.contentsquare.net *.gstatic.com agentcore.s3.amazonaws.com *.googleapis.com *.qualtrics.com gateway.zscalertwo.net counter.personyze.com counter2.personyze.com statestore.rollout.io s3.amazonaws.com www.google.de analytics.google.com analytic.rollout.io adapter.aivo.co www.google.com.mx www.google.com.gt www.google.com.pe wss://api.cobrowse.io *.dynatrace.com *.linkedin.com www.google.fr *.facebook.net tags.bkrtx.com push.rollout.io www.googletagmanager.com content.hotjar.io cdn.jsdelivr.net *.licdn.com t.contentsquare.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-gpb1U3Z96QV9no787Su9PA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com data: https://static.lyra.com/static/ *.fontawesome.com *.stamped.io 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://secure.lyra.com/vads-payment/ https://static.lyra.com/static/ https://www.googletagmanager.com/ www.youtube.com *.livechatinc.com *.paypal.com pay.google.com *.braintreegateway.com *.kaptcha.com www.paypalobjects.com *.affirm.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com *.googleapis.com https://secure.lyra.com/static/latest/images/type-carte/ https://static.lyra.com/static/ https://secure.lyra.com/vads-payment/ data: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.googleapis.com maps.gstatic.com www.facebook.com *.cloudfront.net *.googleusercontent.com *.gstatic.com *.stamped.io *.paypal.com *.amazonaws.com *.userway.org verify.authorize.net scontent.cdninstagram.com *.affirm.com *.routeapp.io *.avis-verifies.com *.groupe-samse.fr *.samse.fr *.cartocdn.com *.nr-data.net axeptio.imgix.net img.tokywoky.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com f.vimeocdn.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io *.googleapis.com www.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://browser.sentry-cdn.com https://api.lyra.com/api-payment/ https://static.lyra.com/static/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ maps.googleapis.com maps.gstatic.com connect.facebook.net *.google.com http://translate.google.com translate.googleapis.com includes.ccdc02.com static.zdassets.com cdn.inspectlet.com *.stamped.io *.livechatinc.com *.userway.org *.paypal.com pay.google.com www.klarnapayments.com *.affirm.com *.routeapp.io *.gstatic.com js-agent.newrelic.com *.nr-data.net static.axept.io api.ipify.org *.vo.msecnd.net cdnjs.cloudflare.com *.hotjar.com polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.lyra.com/static/ *.fontawesome.com *.googleapis.com *.stamped.io www.klarnapayments.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com https://*.ingest.sentry.io https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.paypal.com *.authorize.net ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com hn.inspectlet.com stamped.io *.braintree-api.com *.braintreegateway.com www.paypalobjects.com *.livechatinc.com *.userway.org graph.instagram.com *.affirm.com *.route.com t.elasticsuite.io *.google-analytics.com *.nr-data.net client.axept.io api.axept.io www.facebook.com graph.facebook.com api-adresse.data.gouv.fr 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.lyra.com/vads-payment/ https://api.lyra.com/api-payment/ https://static.lyra.com/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-n-0kekUUTL4DwSZXswsjxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss://*.decibelinsight.net:* wss://ubot.care/* 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; 1 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-hashes' 'report-sample' *.hubo.nl www.googletagmanager.com cdn.speedcurve.com *.cloudflareinsights.com *.cookiebot.eu *.bing.com *.licdn.com *.datatrics.com *.mouseflow.com *.adcrowd.com *.clarity.ms https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; report-uri https://www.hubo.nl/report-uri/reportOnly 1 default-src 'none'; block-all-mixed-content; child-src vars.hotjar.com; connect-src 'self' api.foyer.lu www.foyer.lu analytics.foyer.lu saf-api.foyer.lu stats.g.doubleclick.net googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com *.analytics.google.com analytics.google.com ssl.google-analytics.com adservice.google.com www.google.com maps.googleapis.com pagead2.googlesyndication.com api.iadvize.com halc.iadvize.com static.iadvize.com www.facebook.com consentcdn.cookiebot.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com; font-src 'self' data: static.foyer.lu fonts.gstatic.com use.fontawesome.com; frame-src 'self' halc.iadvize.com www.google.com www.googletagmanager.com www.facebook.com www.youtube.com vars.hotjar.com consentcdn.cookiebot.com; img-src 'self' data: *; manifest-src 'self'; media-src 'self' data:; object-src www.foyer.lu www.cmpli.lu; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: analytics.foyer.lu www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com maps.googleapis.com developers.google.com translate.googleapis.com www.googleoptimize.com stats.g.doubleclick.net translate.googleapis.com opt-out.ferank.eu code.jquery.com tarteaucitron.io halc.iadvize.com static.iadvize.com npmcdn.com cdn.jsdelivr.net static.cdn.prismic.io tarteaucitron.io track.adform.net connect.facebook.net snap.licdn.com s2.adform.net actorssl-5637.kxcdn.com halc.iadvize.com consent.cookiebot.com consentcdn.cookiebot.com script.hotjar.com static.hotjar.com platform.twitter.com cdnjs.cloudflare.com ajax.googleapis.com cdn.svgator.com; style-src 'unsafe-inline' 'self' static.foyer.lu fonts.googleapis.com translate.googleapis.com cdn.jsdelivr.net opt-out.ferank.eu tarteaucitron.io cdn.jsdelivr.net platform.twitter.com; worker-src 'self'; report-uri https://api.foyer.lu/sentry/api/237/security/?sentry_key=29cea24f640d436fa4430bc6d0195cb9&sentry_environment=ir-CSP-php-p&sentry_release=1.0.19; 1 font-src *.googleapis.com *.gstatic.com data: *.bglobale.com *.global-e.com *.typekit.net *.typenetwork.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net csxd.izipizi.com *.cloudfront.net *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.salecycle.com *.salecycle.net *.tiktok.com *.tiktok.net secure-gateway.hipay-tpp.com *.hipay.com www.youtube.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.bglobale.com *.global-e.com *.3lift.com *.360yield.com *.adform.com *.adnxs.com *.assets.sc-trc.com *.nr-data.net *.bing.com *.bidswitch.net *.casalemedia.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.com *.doubleclick.net *.facebook.com *.facebook.net *.ivitrack.com *.izipizi.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.pubmatic.com *.salecycle.com *.sharethrough.com *.smartadserver.com *.splio3.fr *.taboola.com *.teads.com *.teads.tv *.thebrighttag.com *.tiktok.com *.tiktok.net *.tremorhub.com *.vo.msecnd.net.com *.yahoo.com *.yieldlab.net *.yieldmo.com *.rubiconproject.com *.adform.net *.sync.com *.emxdgt.com *.adobedtm.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.bglobale.com *.global-e.com *.abtasty.com *.abstasty.net acsbapp.com *.beyable.com *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.contentsquare.com *.privacy-center.org *.doubleclick.net *.elitrack.com *.facebook.com *.facebook.net *.fittingbox.com *.fittingbox.net *.hotjar.com *.jquery.com *.msecnd.net *.salecycle.com *.salecycle.net t.contentsquare.net *.tiktok.com *.vimeo.com *.tiktok.net *.windows.net *.zdasets.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com www.youtube.com player.vimeo.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bglobale.com *.global-e.com *.typekit.net *.zdassets.com *.typenetwork.com *.hipay.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com data: mpsnare.iesnare.com *.amazonaws.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.abtasty.com *.abstasty.net *.acsbapp.com bat.bing.com *.bing.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.google.fr *.google-analytics.com *.googlesyndication.com *.hotjar.io *.izipizi.com *.privacy-center.org *.salecycle.com wss://ws.salecycle.com *.sentry.io *.tiktok.com *.tiktok.net *.vimeo.com *.windows.net *.zdassets.com *.zendesk.com *.zopim.com *.hipay.com wss://mpsnare.iesnare.com cdn.plyr.io noembed.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com maps.googleapis.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' 735-rtx-941.mktoresp.com 735-rtx-941.mktoutil.com abrtp2.marketo.com abrtp2-cdn.marketo.com app-ab42.marketo.com rtp-static.marketo.com munchkin.marketo.net app.addsearch.com addsearch.com adservice.google.com maxcdn.bootstrapcdn.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms bat.bing.com ajax.aspnetcdn.com ajax.googleapis.com translate.googleapis.com analytics.google.com www.google-analytics.com www.googletagmanager.com cdn.callrail.com js.callrail.com cdn01.basis.net code.jquery.com connect.facebook.net d.adroll.com s.adroll.com x.adroll.com *.deltadentalia.com fonts.googleapis.com googleads.g.doubleclick.net stats.g.doubleclick.net td.doubleclick.net pixel-a.basis.net pixel.sitescout.com px.ads.linkedin.com edge.quantserve.com secure.quantserve.com rules.quantcount.com pixel.quantcount.com snap.licdn.com s7.addthis.com secure.deltadentalia.com *.spinutech.com www.youtube.com static.cloudflareinsights.com test.secure.deltadentalia.com unpkg.com www.gstatic.com www.google.com www.google.ca www.google.co.in www.google.co.uk; img-src 'self' blob data: *.deltadentalia.com *.spinutech.com addsearch.com stats.addsearch.com stats.g.doubleclick.net ad.doubleclick.net pixel-a.basis.net pixel.sitescout.com bat.bing.com c.bing.com d.adroll.com s.adroll.com x.adroll.com a.clarity.ms b.clarity.ms c.clarity.ms d.clarity.ms e.clarity.ms f.clarity.ms g.clarity.ms h.clarity.ms i.clarity.ms j.clarity.ms k.clarity.ms l.clarity.ms m.clarity.ms n.clarity.ms o.clarity.ms p.clarity.ms q.clarity.ms r.clarity.ms s.clarity.ms t.clarity.ms u.clarity.ms v.clarity.ms w.clarity.ms x.clarity.ms y.clarity.ms z.clarity.ms www.clarity.ms clickserv.sitescout.com www.google-analytics.com translate.google.com www.facebook.com px.ads.linkedin.com px4.ads.linkedin.com pixel.quantserve.com fonts.gstatic.com www.googletagmanager.com www.google.com www.google.ca www.google.co.in www.google.co.uk; media-src 'self' data: s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' accounts.google.com *.spinutech.com secure.deltadentalia.com test.secure.deltadentalia.com; font-src 'self' data: fonts.gstatic.com static.zip.co maxcdn.bootstrapcdn.com; base-uri 'self'; report-uri /csp/; 1 default-src 'self'; connect-src 'self' https://*.hotjar.com:* https://aggregator.service.usercentrics.eu https://analytics.tiktok.com https://api.omappapi.com https://api.trustpilot.com https://api.usercentrics.eu https://bat.bing.com https://ct.pinterest.com https://graphql.usercentrics.eu https://pagead2.googlesyndication.com https://services.ottonova.de https://ssl.google-analytics.com https://sst.ottonova.de https://stats.g.doubleclick.net https://*.hotjar.io https://trc-events.taboola.com https://www.google-analytics.com wss://*.hotjar.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://gum.criteo.com https://hal9000.redintelligence.net https://static.criteo.net https://tr.snapchat.com https://www.awin1.com https://vars.hotjar.com https://www.youtube.com; img-src 'self' data: https:; script-src 'self' 'nonce-89c9d302ce58b7a773801032a080000d' 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; base-uri 'none'; report-uri https://ottonova.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-eCe-TKXb5bzLcRtfOC03eQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-HbLG0ZrTX9mbd3kbasy8jg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-59PYR1bJA1RoPCMfuLUcNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MduAVUgu9IOnkR6t49wvyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-I1JALgepBC3l1-jz-xKb7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-h9KaWwYVYCyc8mFUN4vGYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LbSzau7DWOkx92pkdhEXpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PMP9KbIAyCeCB1vqHmxUeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XASJnCVttQ9V6xoYNbexEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-izLhyE8553gxJykZnNNowg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; sandbox allow-forms allow-modals allow-orientation-lock allow-popups allow-presentation allow-same-origin allow-scripts allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' chat.serverius.net *.youtube.com; style-src translate.googleapis.com 'report-sample' 'unsafe-inline' *.gstatic.com 'self' chat.serverius.net *.serverius.net translate.google.com *.youtube.com; default-src chat.serverius.net *.youtube.com; frame-src tel: mailto: 'self' chat.serverius.net *.youtube.com; media-src 'self' chat.serverius.net *.youtube.com; script-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net serverius.net translate.google.com; style-src-elem translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com chat.serverius.net *.serverius.net translate.google.com; connect-src 'self' chat.serverius.net *.serverius.net *.wpforms.com *.youtube.com; font-src *.typekit.net *.gstatic.com 'self' fonts.googleapis.com chat.serverius.net data: *.serverius.net *.youtube.com; form-action 'self' chat.serverius.net; img-src telegram.org *.ytimg.com *.gstatic.com 'self' chat.serverius.net *.youtube.com data: *.serverius.net translate.google.com; script-src translate.googleapis.com 'report-sample' 'unsafe-inline' 'self' chat.serverius.net *.google-analytics.com *.serverius.net serverius.net translate.google.com 'unsafe-eval' *.youtube.com; base-uri 'self' chat.serverius.net *.youtube.com; report-uri /.well-known/csp/e5a0feaa-d6de-4d31-80f7-710621f76cc8 1 object-src 'none';base-uri 'self';script-src 'nonce-lWs0S3PFiJC4U-i2RpO7pA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yVOZ02omPP-w0TK28l1mhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IWPsmdi3kBR8xne35CTyzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-1MabMh4xT8exsW37eNZLGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-1XmHKbgDW2Hv7DA3OEEtZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https: data: 'unsafe-inline'; frame-ancestors 'self'; base-uri 'none'; object-src 'none'; script-src 'self' 'nonce-ntdeJALz8NWAldrCawOLqbd1FpTikFPO' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;img-src 'self' data: https:; frame-src 'self' https:; connect-src https:; font-src https: data:; report-uri /_CSP/ 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.slachtofferhulp.nl apps.mypurecloud.com dhqbrvplips7x.cloudfront.net *.gstatic.com fonts.googleapis.com vimeo.com *.vimeo.com *.typekit.net *.hotjar.com wss://*.hotjar.com dc.services.visualstudio.com *.vo.msecnd.net www.googletagmanager.com *.google.com *.google.nl googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com;script-src 'nonce-JvnBO5uoy0eA1Z9cyTmePcSyXP6GmTnX0OSm/qNMvrM=' 'strict-dynamic' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-d32qvfTyej_vYa0FWgeJKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.aswo.com *.euras.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aswo.com *.euras.com https://player.vimeo.com https://cdn.loadbee.com ; style-src 'self' 'unsafe-inline' *.aswo.com *.euras.com ; img-src 'self' 'unsafe-inline' download-standby.aswo.com download.aswo.com *.aswo.com *.euras.com https://i.vimeocdn.com data: ; font-src 'self' 'unsafe-inline' *.aswo.com *.euras.com ; connect-src 'self' *.aswo.com *.euras.com https://availability.loadbee.com ; object-src 'self' 'unsafe-inline' *.aswo.com *.euras.com *.aswo.net ; frame-src 'self' *.aswo.com *.euras.com *.aswo.net https://player.vimeo.com https://service.loadbee.com ; child-src 'self' *.aswo.com *.euras.com *.aswo.net https://player.vimeo.com ; media-src https://vimeo.com ; report-uri /log881.php; 1 default-src 'self'; script-src https://assets.learn.groklearning-cdn.com 'nonce-cck0gXNl15DwtPNDvL9Wesd7' 'sha256-t93bEnpSQphNRjbA+eRvDn8nLMoPVYwxUs/hhTR2+Ms=' 'unsafe-hashes' https://groklearning.com https://vendor.learn.groklearning-cdn.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net connect.facebook.net https://snippet.maze.co/ https://pa.grokacademy.org https://mt.grokacademy.org https://wc.grokacademy.org https://www.google-analytics.com https://www.googletagmanager.com; style-src https://assets.learn.groklearning-cdn.com 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://djtflbt20bdde.cloudfront.net https://snippet.maze.co/ https://vendor.learn.groklearning-cdn.com; img-src 'self' data: https://groklearning-cdn.com https://wc.grokacademy.org https://assets.learn.groklearning-cdn.com https://oldpreview.comp.gl www.facebook.com web.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.paypalobjects.com https://d33v4339jhl8k0.cloudfront.net https://beacon-v2.helpscout.net https://snippet.maze.co/ https://www.gravatar.com https://www.google.com.au/ads/ga-audiences https://www.google.com/ads/ga-audiences; connect-src 'self' https://groklearning-cdn.com https://wc.grokacademy.org https://assets.learn.groklearning-cdn.com wss://realtime.groklearning.com wss://dualsite-terminal.comp.gl wss://terminal.problemrunner.grokacademy.org wss://sandbox.comp.gl wss://*.sandbox.comp.gl https://*.sandbox.comp.gl https://dualsite-preview.comp.gl https://dualsite-preview.comp.gl https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://sentry.groklearning.io https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com *.sumologic.com sentry.io https://docs.groklearning.io https://api.maze.co/ https://prompts.maze.co/ https://pa.grokacademy.org https://mt.grokacademy.org https://jspreadsheet.com/v8/formulas/g; font-src https://assets.learn.groklearning-cdn.com https://vendor.learn.groklearning-cdn.com data: https://fonts.gstatic.com https://snippet.maze.co/; object-src https://beacon-v2.helpscout.net; media-src https://assets.learn.groklearning-cdn.com https://groklearning-cdn.com https://wc.grokacademy.org https://beacon-v2.helpscout.net; frame-src 'self' https://vendor.learn.groklearning-cdn.com dualsite-cybersecurity.comp.gl dualsite-pxtmicrobit.comp.gl dualsite-scratch.comp.gl testing.vmviewer.fifthdomain.com.au https://beacon-v2.helpscout.net staticxx.facebook.com *.sandbox.comp.gl dualsite-preview.comp.gl *.dualsite-preview.comp.gl https://oldpreview.comp.gl; child-src 'self' dualsite-cybersecurity.comp.gl dualsite-pxtmicrobit.comp.gl dualsite-scratch.comp.gl testing.vmviewer.fifthdomain.com.au *.facebook.com; form-action 'self' https://www.paypal.com; base-uri https://docs.helpscout.com; report-uri /csp/report-violation/ 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: api.dqe.com *.facebook.com touchpoint-sdk.alida.com cdnjs.cloudflare.com www.googletagmanager.com webchat.duquesnelight.com www.google-analytics.com *.doubleclick.net dc.oracleinfinity.io use.typekit.net kendo.cdn.telerik.com rum-collector-2.pingdom.net cdn.cohesionapps.com api-touchpoint.na2.alida.com tools.applemediaservices.com *.azure.com *.gstatic.com accounts.google.com duq.opower.com p.typekit.net play.google.com rum-static.pingdom.net *.googleapis.com nextweb-static.opower.com www.google.com tags.w55c.net *.facebook.net static-content.opower.com dist-touchpoint.na2.alida.com dc.services.visualstudio.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' ; connect-src 'self' https://policy.app.cookieinformation.com ; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://policy.app.cookieinformation.com https://platform.twitter.com https://dl.episerver.net https://cdn.polyfill.io https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' ;frame-ancestors 'none';img-src 'self' data: https://pbs.twimg.com https://danskerhverv.imgix.net https://betadanskerhverv.imgix.net;frame-src https://policy.app.cookieinformation.com/ https://platform.twitter.com/ https://eu.video.ibm.com/ https://www.linkedin.com/;report-uri https://daer.report-uri.com/r/d/csp/wizard 1 font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com maps.gstatic.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-bce296a65c72cf9c184ae7d8347ada2a' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'; frame-ancestors 'self' ; object-src 'none'; base-uri 'self'; report-uri https://www.melectronics.ch/jsapi/v1/de/log/csp 1 object-src 'none';base-uri 'self';script-src 'nonce-w5vHZRL-h2X7RTh9XrlmWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' data: https://openam-densirona-euw3.id.forgerock.io https://*.dscore.com https://*.edge.dscore.com:8443 wss://*.edge.dscore.com:8443 wss://*.dscore.com https://*.share.dentsplysirona.com wss://*.share.dentsplysirona.com https://*.gstatic.com https://*.googleapis.com https://unpkg.com https://www.google-analytics.com https://*.googletagmanager.com https://www.datadoghq-browser-agent.com https://*.datadoghq.eu https://i.ytimg.com https://www.youtube.com https://static.zuora.com https://na.zuora.com https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://localhost:52090/; 1 frame-ancestors 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub141debbb5c4dc4c0034c0aedd3e2f56c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1 object-src 'none'; script-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com https://cse.google.com https://js.hsforms.net https://rebilly.github.io https://use.fontawesome.com https://ws.sharethis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; style-src 'self' https://cloud.typography.com https://use.fontawesome.com; style-src-attr 'self'; frame-ancestors 'self' 1 base-uri 'none'; style-src 'report-sample' 'self' 'unsafe-inline' ; style-src-elem 'report-sample' 'self' 'nonce-8a9e3111-87' 'sha256-h71+pLfB+YklIcSjqmEwoF2NvObYguzCHD8X0nPQsDc=' ; object-src 'self'; img-src 'self' *.regenwald.org data: ; connect-src 'self' ; block-all-mixed-content; report-uri /csp-violation-report/8a9e3111-87 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://www.zenaps.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com blob: https://*.abtasty.com https://app.qubit.com https://*.attn.tv; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://*.google.com https://*.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.shuuemura-usa.com https://*.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.attn.tv https://events.attentivemobile.com https://www.shuuemura-usa.com/e2/ds/relay https://horizon-api.www.shuuemura-usa.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.shuuemura-usa.com https://m.shuuemura-usa.com https://checkout.shuuemura-usa.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://assets.revlifter.io https://*.akamaihd.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com https://tr.snapchat.com https://cdn.attn.tv https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com https://s1.thcdn.com; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-14c7afqzYBQYGxdVWGzRhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'none'; object-src 'none'; report-uri https://nellie.booking.com/csp-report-uri?type=report&tag=146&pid=cda007f78f680143&e=UmFuZG9tSVYkc2RlIyh9YYYdGuViorKPAV5YMJATpf--s3kCLakgWmYWq94gr-xY; script-src 'self' 'nonce-FYF9Bb6KSRiIiKN' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: 'sha256-47mKTaMaEn1L3m5DAz9muidMqw636xxw7EFAK/YnPdg=' 'sha256-iry7oJKoKJ+9HSjmU3E1TlRlpSesJWZ1vapuUz2MP38=' 1 connect-src 'self' https://firestore.googleapis.com http://s34573.pcdn.co https://s34573.pcdn.co https://website-gateway.meisterplan.com https://*.calendly.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://api.hsforms.com https://maps.googleapis.com *.addsearch.com https://*.google.com https://*.gstatic.com https://website-gateway.meisterplan.io https://emea-en.meisterplan.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net www.googleoptimize.com snap.licdn.com static.ads-twitter.com connect.facebook.net bat.bing.com *.clarity.ms https://*.sentry.io https://cdn.linkedin.oribi.io *.twitter.com *.facebook.com https://api.fpjs.io https://*.api.fpjs.io *.linkedin.com; default-src 'self' data: http://s34573.pcdn.co https://s34573.pcdn.co; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://s34573.pcdn.co https://s34573.pcdn.co https://*.calendly.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://api.hsforms.com https://maps.googleapis.com *.addsearch.com 'unsafe-eval' https://*.google.com https://*.gstatic.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net www.googleoptimize.com snap.licdn.com static.ads-twitter.com connect.facebook.net bat.bing.com *.clarity.ms translate.googleapis.com https://dev.visualwebsiteoptimizer.com https://fpnpmcdn.net; style-src https: 'unsafe-inline'; img-src https: data: *.doubleclick.net *.twitter.com; media-src https: data:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://calendly.com https://www.youtube.com https://www.youtube-nocookie.com *.doubleclick.net https://www.google.com https://*.tourial.com https://giphy.com *.facebook.com; report-uri https://meisterplan.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-puPSjOHdzaO_9rBGktWp5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-odlLGZgtzw2z71sGLGdIjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lbH3Rh2VyvHM9JpeUGDS-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net use.typekit.net forms.hscollectedforms.net js.hs-banner.com js.hsleadflows.net adservice.google.com *.licdn.com *.googleapis.com *.facebook.com perf-na1.hsforms.com *.linkedin.com js.hsadspixel.net js.hs-scripts.com *.gstatic.com p.typekit.net api.hubapi.com code.jquery.com js.hscollectedforms.net forms.hsforms.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: fonts.googleapis.com dhv2ziothpgrr.cloudfront.net *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://static.zdassets.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * bid.g.doubleclick.net www.xtento.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com dhv2ziothpgrr.cloudfront.net www.xtento.com cdn.xtento.com *.yotpo.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com googleads.g.doubleclick.net analytics.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://static.zdassets.com www.xtento.com cdn.xtento.com *.yotpo.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.googleadservices.com analytics.google.com www.googletagmanager.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://ekr.zdassets.com https://tedscameras.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' ; base-uri 'self' ; object-src 'none' ; script-src 'self' 'unsafe-eval' 'nonce-jQlHKduX3HFb+LtNAwAOpg==' *.googleapis.com *.baidu.com *.zohocdn.com *.cloudfront.net *.googletagmanager.com *.youtube.com ; connect-src 'self' *.googleapis.com *.google-analytics.com ws: data: ; font-src 'self' *.gstatic.com *.zohowebstatic.com *.zohostatic.com *.zohocdn.com data: ; style-src 'self' 'unsafe-inline' *.zoho.com *.zohocdn.com ; frame-src 'self' * ; img-src 'self' *.ytimg.com *.zohoexternal.com *.zohocdn.com data: 1 font-src *.fontawesome.com *.alothemes.com *.magepow.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.instagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.processout.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.alothemes.com *.magepow.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss:; form-action 'self' www.facebook.com forms.hsforms.com; object-src 'self'; base-uri 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-x-tCsPhDhxkHzp39CA3VCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Wirutdu7K1YySI8JW7kLcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.googleapis.com *.gstatic.com *.mauboussin.fr data: * *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.google.com *.mauboussin.fr * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.getalma.eu *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.googleapis.com/ *.mauboussin.fr * *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.getalma.eu *.googleapis.com *.mauboussin.fr * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.gstatic.com *.mauboussin.fr *.criteo.net *.pinterest.com *.googletagmanager.com *.snapppt.com *.360yield.com * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-HRIi0jQsS-YiNFjZARPqyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lJRAMrcj6kf9gMNLL4rwog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oh2plmM84cRd-D0aEp_hrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-dCp2xfvW8oHbs3yYpfADzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-neePebQ4Ap5pPrFCpo0Qzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PENeQn7R0cebUy2P5PAQaA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-r_A-pz7MurgnQAliMkj1Bg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src: https: 1 object-src 'none';base-uri 'self';script-src 'nonce-GeutB8Ow-Pc6JQ_7jQXa4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-83YiYQiHwa0NtxzLu8Jq8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-WHuKjW9B3RCcSY1ZFcgfLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-rfdyqqkySZXKPe9Em3ePzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-t-KVH1i7qfAFbmwczp74UA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-y7NKuqLqml1_z4NDsjFmKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-BgGqDWUEyMf1wVFIprgyJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-jw93OWtS-0kMS0cUS3NyLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-e_uStC7D8EyB-bZreMLwww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-tb7ol_Dr4CvakfmQjIP1gQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-H8uM3INQUto8MTUHgy4f1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.zipmoney.com.au *.s3.amazonaws.com *.criteo.net *.zip.co *.iyzipay.com *.gstatic.com *.cloudfront.net *.checkout.com *.zip.co data: 'self' 'unsafe-inline';frame-ancestors 'self';frame-src *.demdex.net *.cloudfront.net *.adyen.com *.euw2.pure.cloud *.salecycle.com *.pure.cloud *.tradedoubler.com *.brightcove.net 'self' 'unsafe-inline';img-src *.dyson.hr *.zipmoney.com.au *.mktgcdn.com *.boldchat.com *.demdex.net *.everesttech.net *.bazaarvoice.com *.dyson.vn *.googletagmanager.com *.adyen.com *.dyson.hr *.afterpay.com *.facebook.com *.euw2.pure.cloud *.assetsadobe2.com *.amazonaws.com *.adobe.com *.google-analytics.com *.riskified.com *.doubleclick.net *.zip.co *.google.com *.google.co.in *.omtrdc.net *.dyson.com.ro *.brightcove.com *.boltdns.net data: 'self' 'unsafe-inline';script-src https://mt.adobe.launch.script.test.js/ *.bambuser.com *.afterpay.com *.queue-it.net *.dyson.com.ro *.zipmoney.com.au *.zip.co *.boldchat.com *.newrelic.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.bazaarvoice.com *.optimizely.com *.nr-data.net *.newrelic.com *.euw2.pure.cloud *.googletagmanager.com *.go-mpulse.net *.doubleclick.net *.channeladvisor.com *.facebook.net *.brightcove.net *.s3.amazonaws.com *.salecycle.com *.afterpay.com *.pure.cloud *.riskified.com *.zip.co *.zencdn.net blob: 'self' 'unsafe-inline' 'unsafe-eval';style-src *.checkout.com *.zip.co *.googleapis.com *.optimizely.com 'self' 'unsafe-inline';object-src *.euw2.pure.cloud *.checkout.com *.zip.co 'self' 'unsafe-inline';child-src *.euw2.pure.cloud blob: 'self' 'unsafe-inline';media-src *.brightcove.com *.s3.amazonaws.com *.assetsadobe.com *.euw2.pure.cloud blob: 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src *.dyson.hr *.akstat.io *.cloudfront.net *.boldchat.com *.google.com *.bazaarvoice.com wss://websocket.bold360.com wss://webmessaging.euw2.pure.cloud *.pure.cloud *.googleapis.com *.zipmoney.com.au *.zip.co *.adyen.com *.nr-data.net *.amazonaws.com *.newrelic.com *.euw2.pure.cloud *.omtrdc.net *.go-mpulse.net *.google-analytics.com *.doubleclick.net *.demdex.net *.salecycle.com *.pure.cloud *.zip.co *.riskified.com *.pure.cloud *.brightcove.com *.boltdns.net *.akamaihd.net 'self' 'unsafe-inline';base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-yrYYRYyoGdEZKRNX3ZNY4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JOcGF6lDFMshq8cTVi0WRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-BML706CsmyPnSDwvCzxCnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QtPKtQIY0wJvPcV3jFvArg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-m-PEpWi1faivHJ7StCGXrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5Xzs8fm-miPMrlBvPHqw2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-vDRVvNUjlimWPOFfyzTmbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'sha256-fowkKyEQi1SMOmkzKHVR3kVRCxAkb7eITj4LYDwWuwE=' 'sha256-NmZgHsyoB9XJ6Wd+G4VMaoO3gnTIG8KiH+uVcxOeeoc=' 'sha256-qwhoBj+FiypvTPR3eQkqsvLUkSeShbVBRVleFpBWM0g=' https://translate.googleapis.com https://cdn.plyr.io/3.4.4/plyr.polyfilled.js https://cdnjs.cloudflare.com/ajax/libs/picturefill/3.0.2/picturefill.min.js https://*.google-analytics.com https://*.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www2.osfound.org/shorten https://*.googletagmanager.com https://*.ingest.sentry.io https://docket.justiceinitiative.org https://justiceinitiative.containers.piwik.pro/; style-src 'unsafe-inline' 'self' https:; object-src 'self'; base-uri 'self'; connect-src 'self' https://translate.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.ingest.sentry.io https://docket.justiceinitiative.org https://justiceinitiative.piwik.pro https://justiceinitiative.containers.piwik.pro; font-src 'self' https:; frame-src 'self' https://www.youtube.com https://*.googletagmanager.com; img-src 'self' data: https: https://www.gstatic.com https://*.googletagmanager.com https://osjicontent.imgix.net https://*.google-analytics.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://opensociety.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.googleapis.com www.google-analytics.com *.gstatic.com img.youtube.com *.linkedin.com cdn.linearicons.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-mEZe_cCTwqAjatQG2Iq5Zg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://gapi.storyblok.com https://api.storyblok.com https://a.storyblok.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net netlify-cdp-loader.netlify.app 'unsafe-inline' blob: data:; script-src 'nonce-7M4CFsvXo8F50aJovHjc9h33AGo8/wjK' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'nonce-1kHfIls2z3GdtHgCjb6Po1qFrujNwvqG' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.storyblok.com https://netlify-rum.netlify.app https://*.wistia.com https://*.wistia.net https://src.litix.io *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.onetrust.com https://*.google-analytics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net https://js.driftt.com https://widget.drift.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://fast.wistia.com https://*.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com *.livechatinc.com *.youtube.com *.google.com blob:; img-src 'self' https://*.hotjar.com https://*.storyblok.com https://*.wistia.com https://*.wistia.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.onetrust.com https://*.doubleclick.net https://*.bing.com https://*.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.livechatinc.com *.youtube.com *.google.com *.livechat-files.com *.livechat-static.com data:; connect-src 'self' https://*.storyblok.com https://*.wistia.com https://*.wistia.net https://*.algolia.net *.visualwebsiteoptimizer.com app.vwo.com ingesteer.services-prod.nsvcs.net https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com https://*.bing.com https://*.litix.io https://*.doubleclick.net https://gapi.storyblok.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net www.google.com.au; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.wistia.com data:; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; frame-src 'self' https://gapi.storyblok.com app.netlify.com netlify-cdp-loader.netlify.app https://*.vwo.com https://*.youtube-nocookie.com https://dev.visualwebsiteoptimizer.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://js.driftt.com https://widget.drift.com https://info.leap.com.au https://secure.livechatinc.com; worker-src 'self' blob:; media-src 'self' https://*.wistia.com https://*.wistia.net *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com https://js.driftt.com https://widget.drift.com blob: data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; child-src *.livechatinc.com *.youtube.com *.google.com blob:; upgrade-insecure-requests; report-uri /.netlify/functions/__csp-violations 1 object-src 'none';base-uri 'self';script-src 'nonce-KQehLpgMzLTYXX_evS49ow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src * 'self' 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-yYWv3H7aLIroAH9jrw3oDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JPjwuDku0UmA4TBkHYJgpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-47cf5b67b19f23e3930e3ed3cbe2da00' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'; frame-ancestors 'self' ; object-src 'none'; base-uri 'self'; report-uri https://www.doitgarden.ch/jsapi/v1/de/log/csp 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.midtrans.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.midtrans.com *.mxpnl.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' https://butterfly-cdn.masterworks.com https://api.cloudsponge.com https://cdn.plaid.com https://d7a97ajcmht8v.cloudfront.net https://cdn.segment.com https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://static.ads-twitter.com https://snap.licdn.com https://www.googleadservices.com https://bat.bing.com https://tag.rmp.rakuten.com https://www.redditstatic.com https://s.yimg.com https://www.clickcease.com https://connect.facebook.net https://tr.outbrain.com https://b-code.liadm.com https://d.impactradius-event.com https://www.clarity.ms https://cdn.pdst.fm https://d18p8z0ptb8qab.cloudfront.net https://secure.quantserve.com https://rules.quantcount.com https://tags.srv.stackadapt.com https://www.krishetrk.com https://ext.chtbl.com https://pixel.visitiq.io https://collector-31806.tvsquared.com https://cdn-assets-prod.s3.amazonaws.com https://cdn.addevent.com 'sha256-9NSB+DllU3BlD34AIE9bDhybGzPQuNOyfx//ClMfQ9w='; connect-src 'self' https://account.masterworks.com https://api.masterworks.com/graphql wss://api.masterworks.com/graphqlws https://pricedb.ms.masterworks.io/graphql wss://bgro41vnmb.execute-api.us-east-2.amazonaws.com/production https://butterfly-cdn.masterworks.com https://butterfly-api.masterworks.com https://sonic.masterworks.com https://*.ingest.sentry.io https://api.cloudsponge.com https://collect.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://cdn.segment.com https://api.segment.io https://www.google-analytics.com https://*.google-analytics.com https://trc.taboola.com https://bat.bing.com https://s.yimg.com https://rp.liadm.com/ https://f.clarity.ms https://tags.srv.stackadapt.com https://us-central1-adaptive-growth.cloudfunctions.net https://t.getletterpress.com/ https://tag.simpli.fi https://stats.g.doubleclick.net https://masterworks.536u.net https://cdn.addevent.com; img-src 'self' data: https://s3.amazonaws.com/works.masterworks.io/* https://images.ctfassets.net https://api.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://www.google-analytics.com https://bat.bing.com https://tr.outbrain.com https://ciqtracking.com/ https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://adservice.google.com https://q.quora.com https://trkn.us https://data.adxcel-ec2.com https://ups.analytics.yahoo.com https://sp.analytics.yahoo.com https://us-u.openx.net https://t.co https://analytics.twitter.com https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://x.bidswitch.net https://ib.adnxs.com https://aa.agkn.com https://pxl.qccerttest.com https://pixel.quantcount.com https://pixel.visitiq.io https://collector-31806.tvsquared.com; style-src 'self' https://api.cloudsponge.com https://d7a97ajcmht8v.cloudfront.net https://tags.srv.stackadapt.com https://cdn.addevent.com; frame-ancestors 'none'; form-action 'self' https://www.facebook.com; manifest-src 'self'; font-src 'self'; frame-src https://cdn.plaid.com https://d7a97ajcmht8v.cloudfront.net https://www.facebook.com https://cdn.addevent.com; upgrade-insecure-requests; report-uri https://csp.ms.masterworks.io/ 1 object-src 'none';base-uri 'self';script-src 'nonce-VYS4LciACnQDCFWUAh1-pA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.typekit.net *.hotjar.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.weltpixel.com https://www.gstatic.com/ https://plumrocket.com *.authorize.net https://*.online-metrix.net https://imgs.signifyd.com *.doubleclick.net *.leasestation.com *.kaptcha.com *.google.com *.google.co.in *.networkmerchants.com *.paypalobjects.com *.cdn-btsg.com *.audioeye.com *.milwaukeetool.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com *.affirm.com *.affirm.ca display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com store.paradoxlabs.com https://redchamps.com https://imgs.signifyd.com https://*.online-metrix.net *.ohiopowertool.com https://seal-centralohio.bbb.org *.google.com *.google.co.in *.bing.com *.clarity.ms *.amazonaws.com *.shareasale.com *.nexmart.com *.noibu.com *.cdn-btsg.com *.quickspark.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.affirm.com *.affirm.ca apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com tagmanager.google.com *.authorize.net sandbox-assets.secure.checkout.visa.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://www.dwin1.com https://seal-centralohio.bbb.org *.bing.com *.quickspark.com *.doubleclick.net *.clarity.ms *.nr-data.net *.newrelic.com *.google.com *.networkmerchants.com *.milwaukeetool.com *.noibu.com *.cdn-btsg.com *.pricespider.com *.hotjar.com *.audioeye.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com downloads.mailchimp.com tagmanager.google.com fonts.google.com *.mailchimp.com *.bootstrapcdn.com *.quickspark.com *.networkmerchants.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.affirm.com *.affirm.ca api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.authorize.net https://imgs.signifyd.com *.doubleclick.net *.clarity.ms *.nr-data.net *.networkmerchants.com *.bing.com *.noibu.com wss://*.noibu.com *.cdn-btsg.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.audioeye.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com strict-dynamic http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.google.com *.stripe.com *.opayo.eu.elavon.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com account.fetchify.com *.klarna.com *.mention-me.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sweetanalytics.com *.brooktaverner.us *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trustpilot.com *.glopal.com *.sweetanalytics.com *.ometria.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarna.com *.klarnaservices.com *.avada.io *.mention-me.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.glopal.com *.google.com *.stripe.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.ometria.com *.sweetanalytics.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnaservices.com *.mention-me.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Mu0DJBi8d1E42JaoDe8YXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8hLhPxBN2KnHSVn3rSNKjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-92379aef377db93b8cc50bf2036af825' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'; frame-ancestors 'self' ; object-src 'none'; base-uri 'self'; report-uri https://www.micasa.ch/jsapi/v1/de/log/csp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-x0xAZWx3cNTYWpvIsX9/nZGL9Rnh06dNjQPt5cDJbIM='; base-uri 'self';report-to csp-endpoint 1 font-src *.gstatic.com maxcdn.bootstrapcdn.com *.nexcesscdn.net *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.google.com *.google.com.ua *.google.co.uk *.nexcesscdn.net *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net *.nexcesscdn.net *.zonos.com *.facebook.com *.bing.com *.bizrate.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net maps.googleapis.com *.nexcesscdn.net *.zonos.com *.mailchimp.com *.list-manage.com chimpstatic.com *.facebook.net *.nextopia.net *.iglobalstores.com *.listrakbi.com *.bing.com *.bizrate.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.nexcesscdn.net *.nextopia.net cdn.listrakbi.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.google-analytics.com *.google.com *.nexcesscdn.net *.zonos.com *.googleadservices.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.nexcesscdn.net http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 connect-src https://www.overstockgovernment.com http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://bam.nr-data.net https://stats.g.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com;default-src 'self' https://www.overstockgovernment.com 'unsafe-inline' http://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.google-analytics.com;font-src http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com;frame-src http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io;img-src https://www.overstockgovernment.com data: http://*.hotjar.com http://*.hotjar.io https://listen.audiohook.com https://*.hotjar.com https://*.hotjar.io https://ak1.ostkcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com;object-src 'none';report-uri https://api.bedbathandbeyond.com/contentsecurity/report;script-src 'self' 'unsafe-inline' http://*.hotjar.com http://*.hotjar.io http://js-agent.newrelic.com http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://js-agent.newrelic.com https://snap.licdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com;style-src-elem https://www.overstockgovernment.com 'unsafe-inline' https://fonts.googleapis.com 1 object-src 'none';base-uri 'self';script-src 'nonce-FI6u0-Ky_-k0M8JsLkSh7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mnuuQKuSABFmsflN3ZZShQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com *.cloudflare.com *.listrakbi.com *.twitter.com *.typekit.net *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.ksearchnet.com maxcdn.bootstrapcdn.com www.gunbuyer.com *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com *.twitter.com *.listrakbi.com *.turnto.com *.pixlee.co *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.gunbuyer.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net www.gunbuyer.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com/ *.facebook.com *.trustpilot.com *.criteo.com *.authorize.net *.addthis.com *.paypal.com *.google.com *.klevu.com *.googletagmanager.com *.pinterest.com *.twitter.com *.listrakbi.com *.turnto.com *.pixlee.co *.livechatinc.com *.addtoany.com *.resellerratings.com *.videoly.co *.youtube-nocookie.com *.weltpixel.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com www.gunbuyer.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.paypal.com *.magentocommerce.com *.ytimg.com *.klevu.com *.googleadservices.com certify.alexametrics.com *.gunbuyer.com *.pinterest.com *.cloudflare.com *.listrakbi.com *.edgecastcdn.net *.klarna.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.paypalobjects.com *.a2z.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.espssl.com *.videoly.co *.ksearchnet.com *.google.com.ua *.google.co.uk *.google.be *.google.de *.doubleclick.net https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com www.gunbuyer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com graph.facebook.com *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com *.authorize.net *.klevu.com certify-js.alexametrics.com *.addthis.com z.moatads.com *.addthisedge.com *.pinterest.com *.cloudflare.com *.listrakbi.com *.credova.com *.paypalobjects.com *.cloudflareinsights.com *.addtoany.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.youtube-nocookie.com js.klevu.com *.ksearchnet.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com www.gunbuyer.com *.tumblr.com *.salesfire.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com data: *.cloudflare.com *.listrakbi.com *.gstatic.com *.typekit.net *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.ksearchnet.com *.addtoany.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com www.gunbuyer.com 'self' 'unsafe-inline'; object-src www.gunbuyer.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.cdninstagram.com www.gunbuyer.com 'self' 'unsafe-inline'; manifest-src www.gunbuyer.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com *.cloudflare.com *.listrakbi.com *.twitter.com *.livechatinc.com *.turnto.com *.credova.com *.pixlee.co *.resellerratings.com *.analytics.google.com *.g.doubleclick.net *.google.com *.videoly.co *.ksearchnet.com http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com www.gunbuyer.com *.salesfire.co.uk *.smartmetrics.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.gunbuyer.com http: https: blob: 'self' 'unsafe-inline'; default-src www.gunbuyer.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.gunbuyer.com 'self' 'unsafe-inline'; report-uri https://www.gunbuyer.com/; 1 font-src * *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com https://plumrocket.com *.sagepay.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ * *.braintreegateway.com *.paypal.com *.lpsnmedia.net *.liveperson.net *.hotjar.com *.bragard.ca *.dotdigital-pages.com *.dotdigital.com https://plumrocket.com *.sagepay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com * *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.linkedin.com bat.bing.com *.powerreviews.com dev.visualwebsiteoptimizer.com seal.digicert.com https://www.google.com/pagead/1p-user-list/ https://www.google.co.jp/pagead/1p-user-list/ https://www.google.com/ads/ https://www.google.co.jp/ads/ https://*.adsymptotic.com/d/px/ *.liquifire.com *.weglot.com *.bragard.ca *.trackedlink.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net seal.digicert.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net code.jquery.com *.lpsnmedia.net *.liveperson.net *.hotjar.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ bat.bing.com *.weglot.com *.bragard.ca *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal player.vimeo.com *.sagepay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com * fonts.googleapis.com use.fontawesome.com *.resultspage.com *.resultsdemo.com *.powerreviews.com *.weglot.com *.bragard.ca cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src * 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com * *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.powerreviews.com bam.nr-data.net *.g.doubleclick.net wss://*.hotjar.com https://*.hotjar.com *.hotjar.io bat.bing.com *.weglot.com *.bragard.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.sagepay.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src * 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/waze-wfe; 1 script-src 'unsafe-eval' 'unsafe-inline' *.dca0.com https://script.crazyegg.com maps.google.com *.avmws.com bam.nr-data.net *.cloudmaestro.com d3b4i635mede5k.cloudfront.net cdn.jsdelivr.net www.apex.live www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.youtube.com s.ytimg.com d.adroll.mgr.consensu.org www.google.com ssl.avmws.com cdn.avmws.com www.gstatic.com connect.facebook.net display.ugc.bazaarvoice.com maps.googleapis.com *.adroll.com *.bazaarvoice.com cdn-scripts.signifyd.com imgs.signifyd.com wileyx.com *.wileyx.com js-agent.newrelic.com cdn.mouseflow.com downloads.mailchimp.com staticw2.yotpo.com mc.us14.list-manage.com bam-cell.nr-data.net static.klaviyo.com fast.a.klaviyo.com static.zdassets.com assets.zendesk.com *.paypal.com *.paypalobjects.com embedsocial.com f.vimeocdn.com *.googleadservices.com *.vimeo.com bat.bing.com static-tracking.klaviyo.com www.googleoptimize.com *.googleoptimize.com static.criteo.net sslwidget.criteo.com dynamic.criteo.com assets.adobedtm.com www.ordertracker.com static.fittingbox.com cdn.yottaa.com www.clarity.ms clarity.ms tags.srv.stackadapt.com widget.us.criteo.com www.snippet.maze.co *.snippet.maze.co; report-uri /.webscale/csp-report 1 script-src 'self' 'unsafe-inline' 'unsafe-hashes' cdn.timebro.com cdn.memtime.com cdn.timebro.de *.googletagmanager.com *.google-analytics.com connect.facebook.net timebro.refersion.com www.google-analytics.com js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.usemessages.com js-eu1.hscollectedforms.net js-eu1.hs-banner.com lftracker.leadfeeder.com snap.licdn.com bat.bing.com www.gstatic.com www.google.com googleads.g.doubleclick.net js.chargebee.com assets.calendly.com; frame-src 'self' player.vimeo.com www.google.com www.facebook.com timebro-public-documentation.s3.eu-central-1.amazonaws.com calendly.com timebro.chargebee.com app-eu1.hubspot.com td.doubleclick.net; object-src 'none'; frame-ancestors 'none'; report-uri https://h4gd777d.uriports.com/reports/report; report-to default 1 connect-src 'self' https://b.clarity.ms https://bat.bing.com https://ekr.zdassets.com https://numberbarn.zendesk.com wss://api.smooch.io; default-src 'none'; font-src 'report-sample' 'self' https://fonts.gstatic.com; form-action 'report-sample' 'self'; frame-ancestors 'report-sample' 'self'; frame-src 'self' https://js.stripe.com https://www.google.com; img-src 'report-sample' 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://static.zdassets.com https://www.facebook.com https://www.google.com; report-to default; report-uri https://www.tierra.net/special/report/csp; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://api.smooch.io https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js.stripe.com https://snap.licdn.com https://static.zdassets.com https://www.clarity.ms https://www.clearhello.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/health_google 1 object-src 'none';base-uri 'self';script-src 'nonce-Du1Xpo7CIu3gONbOAIpeEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-7gRgj_9l6MmhhdKw3LyknA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.klarnacdn.net *.acsbapp.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.klarna.com *.playground.klarna.com *.google.com *.hotjar.com *.facebook.com *.criteo.com calendly.com *.doubleclick.net *.cookiebot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarnaevt.com *.googletagmanager.com *.amazonaws.com *.googleapis.com *.gstatic.com pixel.quantserve.com *.google.com *.facebook.com *.cloudfront.net cx.atdmt.com *.clerk.io *.criteo.com *.adsymptotic.com *.bing.com *.google.it *.doubleclick.net *.clarity.ms *.calendly.com *.bidswitch.net *.adnxs.com *.adscale.de *.omnitagjs.com *.casalemedia.com *.360yield.com *.yieldlab.net *.media.net *.mediavine.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.sharethrough.com *.smartclip.net *.tremorhub.net *.tremorhub.com *.3lift.com *.acsbapp.com *.equalweb.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.emxdgt.com *.adform.net id5-sync.com *.ivitrack.com *.yieldmo.com *.krxd.net *.thebrighttag.com *.cookiebot.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.klarnacdn.net *.klarnaservices.com *.playground.klarnaservices.com *.klarna.com *.avada.io https://cdn.scalapay.com *.googleapis.com *.gstatic.com *.clerk.io *.googletagmanager.com *.google-analytics.com *.doubleclick.net/ *.google.com *.quantserve.com rules.quantcount.com *.adform.net snap.licdn.com 127.0.0.1 *.nr-data.net *.newrelic.com *.hotjar.com *.jsdelivr.net commerce.adobedc.net *.aptrinsic.com *.iubenda.com *.cloudfront.net *.tremorhub.com *.criteo.com acsbapp.com *.acsbapp.com *.equalweb.com *.calendly.com *.myfeelback.com *.facebook.net *.bing.com *.clarity.ms *.cookiebot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.klarnacdn.net *.calendly.com *.equalweb.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://corneliani.eu-central-1.linodeobjects.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.klarnaevt.com *.playground.klarnaevt.com *.klarnaservices.com *.playground.klarnaservices.com *.klarnacdn.net *.klarna.com https://get.geojs.io *.avada.io *.google-analytics.com *.doubleclick.net *.nr-data.net commerce.adobedc.net *.iubenda.com acsbapp.com *.acsbapp.com *.equalweb.com *.myfeelback.com *.googlesyndication.com *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-NMwiK5oEbNIfhqBYtAQ38Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-j9uALtIeHbaD7Ifw1h3VgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.adroll.com *.googleapis.com forms.hsforms.com *.hubspot.com lh3.ggpht.com *.adsrvr.org cdn.userway.org unpkg.com www.google.com victra.com stats.wp.com app.five9.com www.victra.com js.hsforms.net *.doubleclick.net maps.google.com amplify.review-alerts.com pixel.wp.com forms-na1.hsforms.com forms.hscollectedforms.net *.facebook.com api.hubapi.com perf.hsforms.com js.hs-scripts.com *.gstatic.com api.ipify.org *.facebook.net cdn77.api.userway.org api.userway.org analytics.google.com rtx-source-icons.s3.amazonaws.com www.googletagmanager.com js.hsadspixel.net adservice.google.com api.omappapi.com js-na1.hs-scripts.com js.hsleadflows.net js.hs-banner.com a.omappapi.com js.hscollectedforms.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com script.hotjar.com hyfin.app data: maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com vars.hotjar.com maps.googleapis.com stats.g.doubleclick.net *.fls.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io static.hotjar.com script.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com *.cdninstagram.com *.fbcdn.net * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com script.hotjar.com static.hotjar.com maps.googleapis.com stats.g.doubleclick.net cdn.evgnet.com *.us-6.evergage.com hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com static.hotjar.com script.hotjar.com cdn.evgnet.com hyfin.app *.globalpay.com *.verygoodvault.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hotjar.com *.hotjar.io wss://*.hotjar.com bam.nr-data.net stats.g.doubleclick.net cookie-cdn.cookiepro.com maps.googleapis.com cdn.evgnet.com *.us-6.evergage.com wss://*.hyfin.app hyfin.app *.globalpay.com *.verygoodvault.com *.smartystreets.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://myaccount.sure.com http://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 http://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://ekr.zdassets.com http://ekr.zdassets.com ekr.zdassets.com https://*.zopim.com http://*.zopim.com *.zopim.com wss://widget-mediator.zopim.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net https://*.zopim.com http://*.zopim.com *.zopim.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com; frame-ancestors 'none'; frame-src https://youtube.com http://youtube.com youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://t.co http://t.co t.co https://www.facebook.com http://www.facebook.com www.facebook.com https://v2.zopim.com http://v2.zopim.com v2.zopim.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://myaccount.sure.com http://myaccount.sure.com myaccount.sure.com https://myaccounttest.sure.com:2087 http://myaccounttest.sure.com:2087 myaccounttest.sure.com:2087 https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://v2.zopim.com http://v2.zopim.com v2.zopim.com https://static.zdassets.com http://static.zdassets.com static.zdassets.com https://*.twitter.com http://*.twitter.com *.twitter.com https://static.ads-twitter.com http://static.ads-twitter.com static.ads-twitter.com https://*.facebook.net http://*.facebook.net *.facebook.net https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.twimg.com http://*.twimg.com *.twimg.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-JhrZC9Ieu9xdGPDvOPe0bw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src client.crisp.chat fonts.googleapis.com fonts.gstatic.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai storage.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payfort.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payfort.com checkout.tabby.ai *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com image.crisp.chat www.google.com.sa www.google.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payfort.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com static.cloudflareinsights.com client.crisp.chat business.facebook.com sc-static.net analytics.tiktok.com googleads.g.doubleclick.net js-agent.newrelic.com bam.eu01.nr-data.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.visa.com *.mastercard.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com client.crisp.chat www.google.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com stats.g.doubleclick.net wss://client.relay.crisp.chat analytics.tiktok.com tr.snapchat.com bam.eu01.nr-data.net analytics.google.com client.crisp.chat maps.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.payfort.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 connect-src 'self' https://hyperreal.info https://koks.hyperreal.top; default-src 'none'; font-src 'self'; img-src 'self' https://koks.hyperreal.top https://hyperreal.info; script-src 'self' 'unsafe-inline' https://hyperreal.info; style-src 'self' 'unsafe-inline'; manifest-src 'self' https://hyperreal.info; 1 object-src 'none';base-uri 'self';script-src 'nonce-ZlL2bp8n2DpAhB8gUzdZEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com www.facebook.com secure.livechatinc.com tst.kaptcha.com amc.demdex.net *.freshchat.com *.giftflick.com.au *.wisernotify.com *.azurewebsites.net *.wisermapp.com bid.g.doubleclick.net ct.pinterest.com *.tillpayments.com www.tickcounter.com *.tickcounter.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://img.youtube.com www.googletagmanager.com www.facebook.com ct.pinterest.com dev.visualwebsiteoptimizer.com www.google.com www.google.com.au www.gstatic.com static.zipmoney.com.au hnd.stats.paypal.com connect.facebook.net www.magebees.com cdn.klarna.com www.mageworx.com *.freshchat.com *.giftflick.com.au *.wisernotify.com *.azurewebsites.net *.wisermapp.com googleads.g.doubleclick.net bid.g.doubleclick.net analytics.google.com usage.trackjs.com www.google.co.uk forms.hsforms.com bam.nr-data.net *.hsforms.com www.google.com.ua *.yotpo.com t.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com s7.addthis.com static.zipmoney.com.au s.pinimg.com connect.facebook.net dev.visualwebsiteoptimizer.com api.livechatinc.com js-agent.newrelic.com bam.nr-data.net cdn.livechatinc.com t.cfjump.com player.vimeo.com cfjump.dusk.com.au *.freshchat.com *.giftflick.com.au *.wisernotify.com *.azurewebsites.net *.wisermapp.com googleads.g.doubleclick.net analytics.google.com gateway.tillpayments.com api.sandbox.zipmoney.com.au cdn.trackjs.com js.hs-scripts.com static.hotjar.com cdn.jsdelivr.net script.hotjar.com js.hsleadflows.net js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net trx-cdn.zip.co d1nv5i00u1m742.cloudfront.net www.tickcounter.com *.tickcounter.com js.hsforms.net admin.revenuehunt.com static.afterpay.com site-assets.afterpay.com www.magebees.com www.mageworx.com www.gstatic.com www.google.com www.google.com.au img.youtube.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com unsafe-inline fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com use.typekit.net static.zipmoney.com.au p.typekit.net *.freshchat.com *.giftflick.com.au *.wisernotify.com *.azurewebsites.net *.wisermapp.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com videodelivery.net blob: * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.addressfinder.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webchat.dotdigital.com webchat.staging.dotdigital.com landofcoder.com ekr.zdassets.com/ maps.googleapis.com stats.g.doubleclick.net ct.pinterest.com api.sandbox.zipmoney.com.au t.labs.au.edge.zip.co dev.visualwebsiteoptimizer.com bam.nr-data.net api.zipmoney.com.au t.zip.co api.livechatinc.com *.freshchat.com *.giftflick.com.au *.wisernotify.com *.azurewebsites.net *.wisermapp.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.tillpayments.com *.zipmoney.com.au videodelivery.net capture.trackjs.com forms.hscollectedforms.net wss://wsp10.hotjar.com/ wss://wsp25.hotjar.com/ wss://*.hotjar.com/ content.hotjar.io forms.hubspot.com in.hotjar.com *.cloudfront.net *.cylindo.com forms.hsforms.com *.hsforms.com *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-lInErrQllRiVV-rPwzkpeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-HIyOZXshvbUaPGv12urv8g==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=UELS4b0KSYWm42aVXCSWhghxK7Zc2_UGTnANBzcFH3Mm_YhmbHD7aBdf4c0tURljRu3x&policy_id=9&user_id=&request_id=274cf02e-e947-4c93-b330-3fe3f31627ec; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 font-src *.googleapis.com *.gstatic.com *.klarnaservices.com/ playground.klarnaservices.com/ https://fonts.gstatic.com/ https://cardinalcommerce.com/ https://eadn-wc03-106342.nxedge.io https://www.paypal.com/ https://www.purechat.com/ maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 0merchantacsstag.cardinalcommerce.com https://eadn-wc03-106342.nxedge.io https://www.purechat.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarnaservices.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ 0merchantacsstag.cardinalcommerce.com https://bid.g.doubleclick.net/ https://eadn-wc03-106342.nxedge.io https://www.google.com/ https://www.paypal.com/ https://assets.braintreegateway.com/ https://ssl.kaptcha.com/ https://c.paypal.com/ https://www.purechat.com/ https://www.googletagmanager.com/ https://checkout.paypal.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarnaservices.com https://cdn.wisepops.com https://www.google.us/ https://www.google.de/ https://www.google.se/ https://www.google.co.nz/ https://www.google.rs https://analytics.sleeknote.com https://prod.purechatcdn.com https://eadn-wc03-106342.nxedge.io https://b.stats.paypal.com/ https://dub.stats.paypal.com/ https://d2ldlvi1yef00y.cloudfront.net/ https://c.paypal.com/ https://www.paypal.com/ https://sleeknotestaticcontent.sleeknote.com/ https://www.google.com/ https://www.purechat.com/ https://forms.hsforms.com/ https://track.hubspot.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com https://www.gstatic.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com klarnaservices.com/ https://consent.cookiebot.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://loader.wisepops.com/ http://cdn.wisepops.com/ https://cdn.wisepops.com/ https://fonts.googleapis.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://bam.nr-data.net/ https://h.online-metrix.net https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ https://cardinalcommerce.com/ https://static.trackedweb.net/ http://static.trackedweb.net/js/ https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://r1-t.trackedlink.net/ https://r1-t.trackedlink.net/_dmpt.js https://www.googletagmanager.com/ http://sleeknotecustomerscripts.sleeknote.com/ https://app.purechat.com/ https://googleads.g.doubleclick.net/ http://sleeknotestaticcontent.sleeknote.com http://ajax.googleapis.com/ https://prod.purechatcdn.com/ https://eadn-wc03-106342.nxedge.io https://www.google.com/ https://c.paypal.com/ https://www.paypal.com/ https://www.purechat.com/ http://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hscollectedforms.net/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com https://fonts.googleapis.com https://eadn-wc03-106342.nxedge.io https://www.paypal.com/ https://www.purechat.com/ maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://fonts.googleapis.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de klarnaservices.com/ *.klarnauserservices.com *.klarnaevt.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://popup.wisepops.com/ https://tracking.wisepops.com/ https://bam.nr-data.net/ https://cardinalcommerce.com/ https://geostag.cardinalcommerce.com/ https://r1.trackedweb.net/ https://www.google-analytics.com/ https://r1-t.trackedlink.net/ https://www.googletagmanager.com/ https://widgetapi.purechat.com/ https://api-cdn.purechat.com/ https://stats.g.doubleclick.net https://eadn-wc03-106342.nxedge.io https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://www.paypal.com/ https://sleeknotestaticcontent.sleeknote.com/ http://sleeknotestaticcontent.sleeknote.com/ https://workers-203821.appspot.com/ https://www.google.com/ https://www.purechat.com/ https://api.braintreegateway.com https://forms.hubspot.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://pmjsulxvuv1wvuwvesziy6jt.httpschecker.net/report 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cwi.shell.451.io/ https://embed-forms.451.io/ https://js.hubspot.com/ https://maps.googleapis.com/ https://25livepub.collegenet.com/ https://ai.ocelotbot.com/ https://ajax.googleapis.com/ajax/libs/ https://analytics.tiktok.com/ https://analytics.tiktok.com/i18n/pixel/events.js https://api3.libcal.com/ https://cdn.jsdelivr.net/npm/ https://cdn.jsdelivr.net/gh/snowplow/ https://cdnjs.cloudflare.com/ajax/libs/ https://collector-16905.us.tvsquared.com/tv2track.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/ https://cwi.edu/ https://cwidaho.libanswers.com/ https://embed.financialaidtv.com/ https://embed.ocelotbot.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027274136/ https://googleads.g.doubleclick.net/pagead/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027274136/ https://h5p.org/ https://imageserver.ebscohost.com/ https://js-agent.newrelic.com/ https://js.hs-analytics.net/analytics/1692888000000/21023521.js https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hs-scripts.com/21023521.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/ https://js.hsforms.net/ https://js.hscta.net/cta/ https://cta-service-cms2.hubspot.com/ https://lgapi.libapps.com/ https://live.cwid7.lndo.site/ https://us2.siteimprove.com/ https://*.clarity.ms/ https://wufoo.com/scripts/embed/form.js https://www.google-analytics.com/ https://www.google.com/jsapi/ https://www.google.com/recaptcha/ https://www.google.com/pagead/ https://translate.google.com/ https://translate.googleapis.com/ https://dev.visualwebsiteoptimizer.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googleadservices.com/ https://unpkg.com/ https://*.googlesyndication.com/ https://app.vwo.com/ https://static.kuula.io/ https://use.typekit.net/; style-src 'report-sample' 'self' 'unsafe-inline' https://cwi.edu https://ai.ocelotbot.com https://fonts.googleapis.com https://p.typekit.net https://stackpath.bootstrapcdn.com https://use.typekit.net https://www.gstatic.com https://app.vwo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.451.io/ https://*.hsforms.com https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://25livepub.collegenet.com https://ai.ocelotbot.com https://analytics.tiktok.com https://api3.libcal.com https://bam.nr-data.net https://*.siteimprove.com https://forms.hscollectedforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://live.cwid7.lndo.site https://*.clarity.ms https://*.doubleclick.net https://use.typekit.net https://pubsub.googleapis.com https://translate.googleapis.com/ https://www.facebook.com https://www.googletagmanager.com https://adservice.google.com https://www.google.com https://*.googlesyndication.com https://maps.googleapis.com https://*.visualwebsiteoptimizer.com/ wss://live.cwid7.lndo.site; font-src 'self' data: https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.typekit.net; frame-src 'self' https://cwi.messenger.451.io https://ctl.h5p.com https://*.hsforms.com https://embed-forms.451.io https://cwi.maps.arcgis.com https://cwi.wufoo.com https://cwilibrary.wufoo.com https://cwidaho.libanswers.com https://docs.google.com https://e.issuu.com https://embed.ocelotbot.com https://maps.google.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://www.youtube.com https://yoshki.com https://*.doubleclick.net https://25livepub.collegenet.com https://*.googlesyndication.com https://www.googletagmanager.com https://creatorapp.zohopublic.com https://creator.zohopublic.com https://app.vwo.com https://kuula.co/ https://cwidaho.viewin360.co/; img-src https: data:; manifest-src 'self'; media-src 'self' data:; report-uri https://64dcbe2ca068cd9821c1af0b.endpoint.csper.io?v=33; worker-src 'self' blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-f9M8fkjaNwWbJlmdBOgUZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'nonce-10b9a2b9247de07aaadd2047c0bc998b' 'self'; img-src * data:; style-src 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; style-src-elem 'self' 'unsafe-inline' *.cassiecloud.com *.itv.com; font-src 'self' *.itv.com; connect-src 'self' *.amplitude.com *.akamaihd.net *.amazonaws.com *.cassiecloud.com *.conviva.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.hotjar.com *.hotjar.io *.irdeto.com *.2cnt.net *.itv.com https://http-inputs-itv.splunkcloud.com:443/services/collector *.stripe.com *.syrenis.com *.tiktok.com *.impact.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.amplitude.com *.cassiecloud.com *.facebook.net *.facebook.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.2cnt.net *.itv.com *.stripe.com *.tiktok.com bugcrowd.com assets.bugcrowdusercontent.com *.impactcdn.com ; media-src 'self' blob: *.amplitude.com *.akamaihd.net *.itv.com *.brightcovecdn.com; worker-src 'self' blob:; object-src 'self' data:; frame-src 'self' *.facebook.net *.facebook.com *.flashtalking.com *.stripe.com bugcrowd.com; 1 font-src *.yotpo.com *.googleapis.com *.gstatic.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com data: *.olark.com *.audioeye.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors secure.networkmerchants.com secure.nmi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com secure.networkmerchants.com secure.nmi.com *.paymentexpress.com *.windcave.com *.yotpo.com https://app.maker.co *.olark.com *.brightcove.net *.socialannex.net *.audioeye.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io mageside.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com *.googleapis.com *.gstatic.com *.brightcove.net *.brightcove.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com *.google.com *.google.com.ua *.boltdns.net *.olark.com *.socialannex.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com secure.networkmerchants.com secure.nmi.com *.yotpo.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com https://app.maker.co *.googleapis.com *.bronto.com *.bm23.com *.brightcove.net *.brightcove.com *.zencdn.net *.celebros.com *.google.com *.gstatic.com *.celebros-analytics.com *.crazyegg.com *.olark.com *.socialannex.com *.jquery.com *.newrelic.com *.nr-data.net *.audioeye.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline secure.nmi.com *.yotpo.com *.googleapis.com youngevity.com *.youngevity.com ygyi-stg.com *.ygyi-stg.com https://ygy1.com *.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com secure.networkmerchants.com secure.nmi.com *.yotpo.com *.youngevity.com *.ygyi-stg.com *.brightcovecdn.com *.boltdns.net *.brontops.com *.bronto.com *.google-analytics.com *.doubleclick.net *.akamaihd.net *.crazyegg.com *.olark.com *.googleapis.com *.nr-data.net *.audioeye.com https://app.maker.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com https://fonts.gstatic.com *.google-analytics.com *.gstatic.com *.twitter.com *.typekit.net *.twimg.com *.global-e.com *.yotpo.com *.klevu.com data: *.mention-me.com *.ksearchnet.com *.fontawesome.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.twitter.com *.bglobale.com *.hotjar.com *.hotjar.io *.duel.me *.vimeo.com *.shipperhq.com *.google.com *.paypal.com *.ometria.com *.ometria.email *.addtoany.com/ *.pinterest.com *.visualwebsiteoptimizer.com app.vwo.com *.dotdigital-pages.com *.dotdigital.com *.mention-me.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.adyen.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.google.com *.gstatic.com *.google.co.uk maps.googleapis.com *.googleadservices.com *.global-e.com *.yotpo.com yotpo-stool.s3.amazonaws.com *.doubleclick.net *.ometria.com *.postcodeanywhere.co.uk *.shipperhq.com *.klevu.com *.daylesford.com *.kaltura.com *.pinterest.com *.facebook.net *.facebook.com *.sendtric.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com wingify-assets.s3.amazonaws.com chart.googleapis.com *.rakuten.com track.linksynergy.com *.trackedlink.net *.ksearchnet.com https://img.youtube.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.google.com *.gstatic.com pay.google.com *.google-analytics.com maps.googleapis.com *.twitter.com *.twimg.com *.bglobale.com *.yotpo.com js-agent.newrelic.com *.doubleclick.net *.ometria.com *.hotjar.com *.hotjar.io *.duel.me *.postcodeanywhere.co.uk *.pcapredict.com *.shipperhq.com *.zdassets.com www.bugherd.com *.klevu.com *.addtoany.com *.payments-amazon.com *.zendesk.com *.kaltura.com *.pinterest.com *.pinimg.com *.facebook.net *.sendtric.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com *.rakuten.com track.linksynergy.com s7.addthis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.klevu.com *.ksearchnet.com https://maps.googleapis.com *.mention-me.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com fonts.google.com *.cloudflare.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com 'self' data: *.twitter.com *.typekit.net *.twimg.com getfirebug.com *.yotpo.com *.postcodeanywhere.co.uk *.shipperhq.com *.klevu.com *.myfonts.net *.zendesk.com *.facebook.net *.sendtric.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.rakuten.com track.linksynergy.com *.ksearchnet.com *.fontawesome.com *.addtoany.com unsafe-inline assets.braintreegateway.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com/ *.zendesk.com *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.yotpo.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io *.postcodeanywhere.co.uk *.shipperhq.com wss://rms.shipperhq.com wss://widget-mediator.zopim.com *.zdassets.com *.ksearchnet.com *.zendesk.com *.pinterest.com *.sendtric.com *.yes track.linksynergy.com ekr.zdassets.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com http://dpm.demdex.net https://maps.googleapis.com *.mention-me.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-JpaSOKrft_oGWm4bysPQ-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-9VxX4gUowHaCeE86ITqfCU3FO3ljwQE5EkA1mh5tirY='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-tFdGq53LuFifW4AgjkwhpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com *.ekomiapps.de *.bootstrapcdn.com *.azureedge.net data: oct8necdneu.azureedge.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.demdex.net *.pinterest.com *.facebook.com *.oct8ne.com *.googlesyndication.com *.vimeo.com *.cookiebot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.ekomiapps.de *.xtistore.com *.bing.com *.google.com *.google.es *.azureedge.net *.googletagmanager.com *.pinterest.com *.facebook.com *.doubleclick.net *.google.com.br *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.ekomiapps.de *.connectif.cloud cdn.connectif.cloud *.newrelic.com *.nr-data.net *.bing.com *.oct8ne.com *.g.doubleclick.net *.pinimg.com *.facebook.net *.tiktok.com *.googlesyndication.com *.cloudflare.com polyfill.io *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.cookiebot.com *.adyen.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.ekomiapps.de *.bootstrapcdn.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.ekomiapps.de *.ekomi.com *.nr-data.net *.doubleclick.net *.oct8ne.com *.google-analytics.com *.connectif.cloud *.pinterest.com *.tiktok.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.g.doubleclick.net *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net forms.hscollectedforms.net www.google.com www.google-analytics.com *.hubspot.com www.googletagmanager.com cdnjs.cloudflare.com js.usemessages.com *.doubleclick.net js.hsleadflows.net *.licdn.com *.facebook.com *.linkedin.com js.hs-scripts.com *.gstatic.com js.hscollectedforms.net forms.hsforms.com js.hs-banner.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'nonce-vQNyZ6Rdj9fVIx5FrzWdKA=='; style-src 'self' https: 'nonce-vQNyZ6Rdj9fVIx5FrzWdKA=='; report-uri /csp-violation-report 1 object-src 'none';base-uri 'self';script-src 'nonce-djpAQ87gvBtq_OoMMw7DOg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wNGWG2lJCskRQj2lNfuBGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-VRrQCkXZqLcCaS201F5Orw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self' ;img-src 'self' data: https://s-img.mgid.com https://c.usefulcontentsites.com https://edgecdn.dev https://c.mgid.com https://www.google.com.my https://pagead2.googlesyndication.com https://a.mgid.com https://a.adskeeper.co.uk https://ad.360yield.com https://proxy-hk.rtbsystem.org https://cdn.mgid.com https://cs.admanmedia.com https://beacon-sin1.rubiconproject.com https://tracker.direct.e-volution.ai https://creativecdn.com https://sync.crwdcntrl.net https://prebid.a-mo.net https://cm.idealmedia.io https://cm.rtbsystem.com https://ib.adnxs.com https://cm.g.doubleclick.net https://image8.pubmatic.com https://id5-sync.com https://cdn.adbro.me https://apis.adbro.me https://ps.eyeota.net https://x.bidswitch.net https://img.rtbsystem.org https://blogmalaysia.com https://cdn.libur.com.my https://www.kuantanloka.com https://adrta.com https://themalaysialife.com https://www.google.com.sg https://us2.rtbsystem.org https://syndication.twitter.com https://www.googletagmanager.com https://cdn-js.xyz https://www.google.co.id https://www.google.com.bn https://www.google.ru https://cm.mgid.com https://www.google.de https://beacon-nf.rubiconproject.com https://id.rlcdn.com https://www.google.com.eg https://ap-northeast-1.event.prod.bidr.io https://ade.googlesyndication.com https://bid.g.doubleclick.net https://ad.doubleclick.net blob: https://idsync.rlcdn.com https://sync.e-volution.ai https://www.google.ae https://match.sharethrough.com https://contextual.media.net https://translate.google.com https://cs.krushmedia.com https://media.bidr.io https://cloud-images.s3.eu-west-1.amazonaws.com https://ap.lijit.com https://tps.doubleverify.com https://www.google.nl https://www.gstatic.com https://mykmu.net https://www.google.co.th https://storage.findbulous.info https://crb.kargo.com https://fonts.gstatic.com https://dtech.adtimizer.co https://cdn.doubleverify.com https://www.google.com.au https://match.adsrvr.org https://simage2.pubmatic.com https://selayangpandang.net https://platform-cdn.sharethis.com https://www.pahangtourism.org.my https://assets.hmetro.com.my https://ads.pubmatic.com https://image4.pubmatic.com https://ipds.adrta.com https://clck.mgid.com https://usersync.gumgum.com https://pippio.com https://id.a-mx.com https://ghent-gce-jp.bidswitch.net https://iponweb503341958152.s.moatpixel.com https://px.moatads.com https://aa.agkn.com https://www.google.fr https://lh3.googleusercontent.com https://www.google.com.kh https://www.butterkicap.com https://www.google.co.kr https://t.adx.opera.com https://sspniplus-i.com https://i.w55c.net https://media.siraplimau.com https://d.turn.com https://tps-dn-ae1.doubleverify.com http://themalaysialife.com https://cdn.mingguanwanita.my https://s0.2mdn.net https://pubmatic-match.dotomi.com https://www.google.com.sa https://rtb-usw.mfadsrvr.com https://api.retargetly.com https://dpm.demdex.net https://rtb.gumgum.com https://ups.analytics.yahoo.com https://cm.adform.net https://ads.travelaudience.com https://pixel.tapad.com https://apacerita.com.my https://sync.1rx.io https://sync.srv.stackadapt.com https://uipglob.semasio.net https://visitor.omnitagjs.com https://rtb.openx.net https://c1.adform.net https://apac-jp-sync.bidswitch.net https://www.google.se https://image2.pubmatic.com https://us-u.openx.net https://token.rubiconproject.com https://apac-edge.e-volution.ai https://www.google.com.om https://www.google.com.qa https://www.google.jo https://beacon.sojern.com https://ad.atdmt.com https://www.google.com.vn https://ssum.casalemedia.com https://ads.yieldmo.com https://qvdt3feo.com https://www.malaysiadateline.com https://cdn.vanillakismis.my https://tags.bluekai.com https://www.google.iq https://ads.creative-serving.com https://www.google.la https://www.erabaru.com.my https://ss-sg.appiersig.com https://ad.appier.net https://upscl.b-cdn.net https://vst.c.appier.net https://rcp.c.appier.net https://web14.bernama.com https://view.adjust.com https://cr.adsappier.com https://ss-jp2.appiersig.com https://www.google.com.ua https://rileklah.com https://e1.emxdgt.com https://pm.w55c.net https://dt.adsafeprotected.com https://www.google.co.in https://ad.turn.com https://img.inews.co.id https://bcp.crwdcntrl.net https://s.pubmine.com https://www.google.co.jp https://cdn.fonious.com https://um.simpli.fi https://ml314.com https://rtb-csync.smartadserver.com https://sin.creativecdn.com https://www.google.bt https://www.google.com.hk https://www.google.lk https://inv-nets.admixer.net https://rtd-tm.everesttech.net https://buzzday.info https://sync-tm.everesttech.net https://www.google.com.ph https://sync.targeting.unrulymedia.com https://bh.contextweb.com https://staging-ghent-gce-jp.bidswitch.net https://tr.blismedia.com https://sync.ipredictive.com https://www.google.co.uk https://sync.adkernel.com https://image6.pubmatic.com https://shopee.com.my https://d.agkn.com https://dsp.adfarm1.adition.com https://dsp-ap.upscale.digital https://www.google.co.nz https://tpc.googlesyndication.com https://tpsc-ae1.doubleverify.com https://ssum-sec.casalemedia.com https://spl.zeotap.com https://www.google.com.tw https://eb2.3lift.com https://www.google.cz https://scontent.fkul4-4.fna.fbcdn.net https://6f32696c6157526243306c36-ks.mgid.net https://analytics.adcanvas.com https://pixel.adsafeprotected.com https://imp.rfp.fout.jp https://rfp.dspcdn.com https://js.rfp.fout.jp https://fo-global.dspcdn.com https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://tag.adbro.me https://edgecdn.dev https://jsc.mgid.com https://fundingchoicesmessages.google.com data: https://pagead2.googlesyndication.com https://www.googletagmanager.com https://cdn.usefulcontentsites.com https://www.tiktok.com https://cm.mgid.com https://cdn-js.xyz https://tpc.googlesyndication.com https://servicer.mgid.com https://cdn.id5-sync.com https://ads.pubmatic.com https://cdn.doubleverify.com blob: https://ad.doubleclick.net https://ff.kis.v2.scr.kaspersky-labs.com https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com https://googleads.g.doubleclick.net https://s0.2mdn.net https://connect.facebook.net https://cdn.ampproject.org https://yoast.com https://ucads-cdn.ucweb.com https://s.update.rubiconproject.com https://tps.doubleverify.com https://noas.mtrtb.com https://media.bidr.io https://gc.kis.v2.scr.kaspersky-labs.com https://z.moatads.com https://www.instagram.com https://choices.truste.com https://appassets.androidplatform.net https://www.googletagservices.com https://c.bannerflow.net https://6811282.fls.doubleclick.net https://www.gstatic.com https://cr.adsappier.com https://lf16-tiktok-web.tiktokcdn-us.com https://ad.appier.net https://rtb0.doubleverify.com https://www.youtube.com https://choices.trustarc.com https://fw.adsafeprotected.com https://mb.moatads.com https://static.adsafeprotected.com https://tagan.adlightning.com https://www.pagespeed-mod.com https://me.kis.v2.scr.kaspersky-labs.com https://cdn.innity.net https://js.rfp.fout.jp https://cdn.adskeeper.com https://media.adcanvas.com https://fo-global.dspcdn.com https://pixel.adsafeprotected.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://tag.adbro.me https://edgecdn.dev https://jsc.mgid.com https://fundingchoicesmessages.google.com data: https://pagead2.googlesyndication.com https://www.googletagmanager.com https://cdn.usefulcontentsites.com https://www.tiktok.com https://cm.mgid.com https://cdn-js.xyz https://tpc.googlesyndication.com https://servicer.mgid.com https://cdn.id5-sync.com https://ads.pubmatic.com https://cdn.doubleverify.com blob: https://ad.doubleclick.net https://ff.kis.v2.scr.kaspersky-labs.com https://platform.twitter.com https://sf16-website-login.neutral.ttwstatic.com https://googleads.g.doubleclick.net https://s0.2mdn.net https://connect.facebook.net https://cdn.ampproject.org https://yoast.com https://ucads-cdn.ucweb.com https://s.update.rubiconproject.com https://tps.doubleverify.com https://noas.mtrtb.com https://media.bidr.io https://gc.kis.v2.scr.kaspersky-labs.com https://z.moatads.com https://www.instagram.com https://choices.truste.com https://appassets.androidplatform.net https://www.googletagservices.com https://c.bannerflow.net https://6811282.fls.doubleclick.net https://www.gstatic.com https://cr.adsappier.com https://lf16-tiktok-web.tiktokcdn-us.com https://ad.appier.net https://rtb0.doubleverify.com https://www.youtube.com https://choices.trustarc.com https://fw.adsafeprotected.com https://mb.moatads.com https://static.adsafeprotected.com https://tagan.adlightning.com https://www.pagespeed-mod.com https://me.kis.v2.scr.kaspersky-labs.com https://cdn.innity.net https://js.rfp.fout.jp https://cdn.adskeeper.com https://media.adcanvas.com https://fo-global.dspcdn.com https://pixel.adsafeprotected.com ; style-src 'self' 'unsafe-inline' https://code.jquery.com https://fonts.googleapis.com https://cdn.adbro.me https://www.opoint.no https://sf16-website-login.neutral.ttwstatic.com https://maxcdn.bootstrapcdn.com https://adblockers.opera-mini.net https://www.themalaysialife.com https://www.gstatic.com data: ; style-src-elem 'self' 'unsafe-inline' https://code.jquery.com https://fonts.googleapis.com https://cdn.adbro.me https://www.opoint.no https://sf16-website-login.neutral.ttwstatic.com https://maxcdn.bootstrapcdn.com https://adblockers.opera-mini.net https://www.themalaysialife.com https://www.gstatic.com data: ; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com moz-extension https://cdnjs.cloudflare.com data:; frame-src 'self' https://eus.rubiconproject.com https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://ads.as.criteo.com https://apis.adbro.me https://securepubads.g.doubleclick.net https://ads.pubmatic.com https://secure-assets.rubiconproject.com https://onetag-sys.com https://td.doubleclick.net https://www.tiktok.com https://platform.twitter.com https://www.facebook.com https://sin.creativecdn.com https://match.prod.bidr.io https://crcldu.com https://m.facebook.com https://web.facebook.com https://ssc-cms.33across.com https://cdn.connectad.io https://de.tynt.com https://www.instagram.com https://ghent-gce-jp.bidswitch.net https://s.adroll.com https://hde.tynt.com https://sync.e-volution.ai https://pagead2.googlesyndication.com https://s0.2mdn.net https://www.youtube.com https://ad.doubleclick.net https://www.googleadservices.com https://delivery.advanseads.com https://staging-ghent-gce-jp.bidswitch.net https://www.googletagmanager.com https://track.fader.id https://fo-global.dspcdn.com https://click.rfp.fout.jp https://wap.spritzer.com.my blob:; media-src 'self' blob: https://cl.imghosts.com https://cdn.adbro.me https://themalaysialife.com https://fo-global.dspcdn.com https://fo-global.s3.ap-southeast-1.amazonaws.com; connect-src 'self' https://www.google-analytics.com https://c.mgid.com https://analytics.google.com https://pagead2.googlesyndication.com https://apis.adbro.me https://fundingchoicesmessages.google.com https://stats.g.doubleclick.net https://lb.eu-1-id5-sync.com https://www.google.com.my https://c.ltmsphrcl.net https://csi.gstatic.com https://id5-sync.com https://region1.google-analytics.com https://tpsc-ae1.doubleverify.com https://diagnostics.id5-sync.com https://www.google.com.bn https://region1.analytics.google.com https://s.update.rubiconproject.com https://gjtrack.ucweb.com blob: https://translate.googleapis.com https://yoast.com https://my.yoast.com https://www.google.com.sg https://www.google.co.id https://plugin.ucads.ucweb.com https://api.trongrid.io https://ad.doubleclick.net https://c1.eu-3-id5-sync.com https://c4.eu-3-id5-sync.com https://c2.eu-3-id5-sync.com https://c3.eu-3-id5-sync.com https://c0.eu-3-id5-sync.com https://googleads4.g.doubleclick.net https://ade.googlesyndication.com https://searchaggr-dra.dt.dbankcloud.com https://tpsc-ue1.doubleverify.com https://arm.appiersig.com https://overbridgenet.com https://www.google.com.sa https://lm.serving-sys.com https://www.google.co.th https://c.bannerflow.net https://triptease.ap-northeast-1.stinger-ad.bidr.io https://onboard.triptease.io https://www.google.lk https://c6.eu-3-id5-sync.com chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon https://c7.eu-3-id5-sync.com https://www.google.fr https://googleads.g.doubleclick.net https://www.google.com.ua https://www.google.co.kr https://ad.rfp.fout.jp https://www.google.ru https://dt.adsafeprotected.com; child-src 'self' blob:; worker-src 'self' blob:; report-uri https://www.themalaysialife.com/wp-json/rsssl/v1/csp?rsssl_apitoken=910161050; 1 font-src *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://secure.networkmerchants.com https://www.google.com/ https://www.youtube.com *.authorize.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://api.searchspring.net https://*.monsterscooterparts.com https://monsterscooterparts.com https://*.cloudfront.net https://*.gstatic.com https://*.gorgias.chat https://*.gorgias.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es https://secure.networkmerchants.com https://cdn.searchspring.net https://autocomplete2.searchspring.net https://bat.bing.com https://apis.google.com https://www.googletagmanager.com https://*.monsterscooterparts.com https://*.freshchat.com https://*.gorgias.chat https://*.amplitude.com https://polyfill.io https://*.polyfill.io *.authorize.net sandbox-assets.secure.checkout.visa.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://secure.networkmerchants.com https://*.monsterscooterparts.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://secure.networkmerchants.com https://beacon.searchspring.io https://*.monsterscooterparts.com https://api.searchspring.net https://*.gorgias.chat wss://*.gorgias.chat *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; object-src 'self' blob:; font-src https: data:; report-uri /csp-report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vin-checker.info ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-Pyzh1J6UE5nHN5TjuhTOyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://player.vimeo.com/ https://vimeo.com/ https://cdn.cookielaw.org https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; img-src 'self' http: https: data: www.googletagmanager.com www.google-analytics.com www.ssl.google-analytics.com www.google.com https://player.vimeo.com/ https://vimeo.com/ ; connect-src 'self' 'unsafe-inline' https://region1.google-analytics.com https://cdn.cookielaw.org www.google-analytics.com https://yoast.com; font-src 'self' data: https://fonts.gstatic.com; media-src 'self' data: filesystem: https://player.vimeo.com/ https://vimeo.com/; report-uri https://646b8303974ac544f93aac30.endpoint.csper.io?v=1; object-src 'none'; frame-src https://player.vimeo.com/ https://xweb3.xcerra.com/; report-to https://646b8303974ac544f93aac30.endpoint.csper.io?v=1 1 img-src https://higherlogicdownload.s3.amazonaws.com/CFAI/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CFAI/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/CFAI/ https://d132x6oi8ychic.cloudfront.net 'self' www.w3.org/; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CFAI/ https://higherlogicdownload.s3.amazonaws.com/CFAI/ https://higherlogiclongterm.s3.amazonaws.com/CFAI/ 'self' https://use.typekit.net https://p.typekit.net; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/CFAI/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CFAI/ 'self' https://higherlogiclongterm.s3.amazonaws.com/CFAI/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data: https://use.typekit.net; media-src https://higherlogiclongterm.s3.amazonaws.com/CFAI/ https://higherlogicdownload.s3.amazonaws.com/CFAI/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CFAI/ https://higherlogicstream.s3.amazonaws.com/CFAI/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/CFAI/ https://higherlogicdownload.s3.amazonaws.com/CFAI/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/CFAI/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://use.fortawesome.com https://cdn.jsdelivr.net/gh/eConverse-Media/ https://higherlogicdownload.s3.amazonaws.com/Theme/ https://cdn.jsdelivr.net/jquery.slick/; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Jk8GWAFCEnwLlPSRFXGoNg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-src 'self' https://werbung.transgourmet.de https://www.youtube.com https://www.google.com www.recaptcha.net *.b2clogin.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl https://www.xing-events.com/resources/js/amiandoExport.js www.google.com content.syndigo.com www.recaptcha.net js.monitor.azure.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://werbung.transgourmet.de 1 font-src *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.adyen.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.dotdigital-pages.com *.dotdigital.com *.adyen.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.affirm.com *.affirm.ca *.adyen.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.avada.io *.adyen.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://get.geojs.io *.avada.io *.adyen.com https://emails.naturepedic.com https://www.google-analytics.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-DGNbY8gk2Y-e03uGl2Arsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com www.google-analytics.com www.gstatic.com ajax.googleapis.com use.typekit.net www.google.com embed.wized.com cdn.jsdelivr.net d3e54v103j8qbb.cloudfront.net assets-global.website-files.com content.liquidplus.com content.teamliquid.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.jsdelivr.net p.typekit.net translate.googleapis.com assets-global.website-files.com; img-src 'self' data: static-cdn.jtvnw.net i.vimeocdn.com i.ytimg.com content.liquidplus.com content.teamliquid.com p.typekit.net https://*.google-analytics.com https://*.googletagmanager.com assets-global.website-files.com; media-src 'self' content.liquidplus.com content.teamliquid.com assets-global.website-files.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com server.wized.com; font-src 'self' data: fonts.gstatic.com use.typekit.net; child-src www.google.com player.vimeo.com vimeo.com www.youtube.com cdn.embedly.com; frame-ancestors 'none'; block-all-mixed-content; disown-opener; report-uri https://s1r2d1cd.uriports.com/reports/report 1 object-src 'none';base-uri 'self';script-src 'nonce-5-4NInE9cWP7AIeJl8CYrg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https://www.amyntagroup.com 'self' https://*.amyntagroup.com https://amyntagroup.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.amyntagroup.com ; 1 object-src 'none';base-uri 'self';script-src 'nonce-UpyPc_U2ve5UhuzTG6df0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klarnacdn.net *.gstatic.com 'self' data: *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.tawk.to *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.sargarme.com *.awd-it.co.uk *.google.com *.google.co.uk *.facebook.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.tawk.to cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.klarna.com *.klarnaservices.com *.webgains.io instant.page *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.klarnacdn.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaevt.com *.klarnaservices.com *.doubleclick.net *.smartmetrics.co.uk *.klarnacdn.net *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.tawk.to wss://*.tawk.to *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-6YGBcJ0nqBg7Kp7TJwoiHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self' *.tse-fr.eu *.couleur-citron.com ; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.unibuddy.co ; connect-src 'self' *.linkedin.com *.couleur-citron.com *.matomo.cloud *.doubleclick.net *.googleapis.com *.google-analytics.com *.facebook.com *.youtube-nocookie.com *.oribi.io ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.unibuddy.co *.couleur-citron.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.google.com *.facebook.com *.gstatic.com *.googleapis.com *.facebook.net *.licdn.com *.google-analytics.com *.matomo.cloud *.linkedin.com ; font-src 'self' *.googleapis.com *.gstatic.com ; style-src 'self' 'unsafe-inline' *.googleapis.com *.youtube.com *.youtube-nocookie.com ; 1 object-src 'none';base-uri 'self';script-src 'nonce-IzgZJsVMolVyf2q_aZ-8YQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-e72fe83d477d445092bf3d5da4870876' https://myhealthchart.com 'self';img-src https://* 'self' blob: data:;style-src https://myhealthchart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com data: *.doofinder.com *.sagepay.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.net *.facebook.com *.doofinder.com *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.awin1.com *.zenaps.com *.doubleclick.net *.hotjar.com *.yieldify.com *.iubenda.com *.paypal.com *.braintreegateway.com *.kaptcha.com *.doofinder.com *.trustpilot.com *.facebook.net *.facebook.com *.laybuy.com *.salesfire.co.uk cdn.dnky.co webchat.dotdigital.com *.sagepay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com *.awin1.com *.zenaps.com *.smartmetrics.co.uk *.salesfire.co.uk *.ometria.com *.bing.com *.google.com *.google.co.uk *.google.com.eg *.google-analytics.com *.paypal.com *.facebook.net *.facebook.com *.pinterest.com *.postcodeanywhere.co.uk *.doofinder.com *.laybuy.com eu1-doofinderuser.s3.amazonaws.com us1-doofinderuser.s3.amazonaws.com validate.fishpig.co.uk https://static.afterpay.com *.sagepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.smartmetrics.co.uk *.salesfire.co.uk *.hotjar.com *.pcapredict.com *.zdassets.com *.ometria.com foursixty.com *.google.com *.gstatic.com *.facebook.net *.zoovu.com *.iubenda.com *.googletagmanager.com *.yieldify.com *.bing.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.mention-me.com *.postcodeanywhere.co.uk *.yimg.com *.yahoo.com cdn.doofinder.com https://eu1-search.doofinder.com *.trustpilot.com *.tiktok.com *.noibu.com *.doubleclick.net *.segmentify https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sagepay.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com foursixty.com *.postcodeanywhere.co.uk *.doofinder.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.fontawesome.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com *.vimeo.com *.akamaized.net *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://the.sciencebehindecommerce.com *.smartmetrics.co.uk *.salesfire.co.uk *.zdassets.com foursixty.com *.hotjar.com *.hotjar.io *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com wss://input.noibu.com *.iubenda.com *.doubleclick.net *.google-analytics.com *.braintreegateway.com *.braintree-api.com *.paypal.com *.nr-data.net *.pinterest.com *.postcodeanywhere.co.uk *.yimg.com *.doofinder.com *.noibu.com *.tiktok.com *.facebook.net *.facebook.com https://www.facebook.com static.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.comapi.com webchat.dotdigital.com *.sagepay.com https://checkout.iwdagency.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-m3AR2E9ACSCkAPwLCqnpgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Oqjrr-qcLf7D_9eBHf5lWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Xyi-IWxw8XPKumY4s3F6Ag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klarnacdn.net *.klevu.com *.ksearchnet.com fonts.gstatic.com data: v2.zopim.com js.klevu.com *.wistia.com maxcdn.bootstrapcdn.com fonts.yieldify-production.com acsbapp.com *.hotjar.com x.klarnacdn.net *.narvar.com *.narvar.qa *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarna.com vimeo.com *.criteo.com *.criteo.net *.doubleclick.net *.trustpilot.com *.paypalobjects.com *.wistia.net button.aftership.com *.sharethis.com *.zendesk.com *.zdassets.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.attn.tv *.yieldify.com *.kaptcha.com *.sirv.com *.katapult.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com https://img.youtube.com https://* insight.adsrvr.org vimeo.com bat.bing.com js.klevu.com *.klaviyo.com v2.zopim.com maps.googleapis.com *.criteo.com *.criteo.net *.doubleclick.net *.wistia.com *.attn.tv *.klarnaservices.com *.narvar.com *.narvar.qa store.paradoxlabs.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com x.klarnacdn.net *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com *.kaptcha.com s7.addthis.com *.visualwebsiteoptimizer.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.liadm.com *.getgobot.com solutions.invocacdn.com v2.zopim.com static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com *.trustpilot.com bat.bing.com button.aftership.com *.criteo.com *.criteo.net *.klaviyo.com *.attn.tv *.doubleclick.net acsbapp.com *.wistia.com *.wistia.net *.steelhousemedia.com *.mouseflow.com *.sharethis.com js-agent.newrelic.com *.nr-data.net *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com www.googleoptimize.com pnapi.invoca.net *.yieldify.com *.noibu.com *.lordoftheentertainingostriches.com *.katapult.com *.sirv.com *.howuku.com *.authorize.net maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com js.klevu.com *.klaviyo.com *.sharethis.com maxcdn.bootstrapcdn.com wss://*.hotjar.com fonts.googleapis.com *.katapult.com x.klarnacdn.net *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com blob: embedwistia-a.akamaihd.net *.zendesk.com *.zdassets.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.kaptcha.com ekr.zdassets.com/ *.mida.so *.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com *.liadm.com *.criteo.com *.getgobot.com *.googlesyndication.com *.attentivemobile.com *.invoca.net *.yieldify.com *.dc.yieldify.com *.yieldify-production.com *.zopim.com wss://widget-mediator.zopim.com static.zdassets.com ekr.zdassets.com *.google.com *.acsbapp.com *.doubleclick.net *.klaviyo.com https://bt.signifyd.com:11103/ *.signifyd.com:11103 *.paypal.com *.paypalobjects.com *.wistia.com *.litix.io *.akamaihd.net bat.bing.com *.trustpilot.com *.sharethis.com *.nr-data.net *.mouseflow.com *.attn.tv maps.googleapis.com *.zendesk.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adroll.com *.lordoftheentertainingostriches.com *.noibu.com wss://*.noibu.com zendesk-eu.my.sentry.io fonts.googleapis.com *.breadgateway.net *.howuku.com *.klarnauserservices.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src vimeo.com *.vimeocdn.com *.getbread.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-zIxo/hAfdKyF0tQ17f7WmHUpEbrCrw7JLga2g7rPMbM='; base-uri 'self';report-to csp-endpoint 1 default-src 'self'; script-src 'self' https://www.googletagmanager.com; script-src-elem 'self' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; font-src 'self' https://use.typekit.net https://p.typekit.net; img-src * 'self' data:; 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' ltoh41-fmgbjh75j6hc.cloudmaestro.com www.googletagmanager.com 5c2z2n-fmgbjh75j6hc.cloudmaestro.com translate.google.com script.hotjar.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.usemessages.com webscalehelp.zendesk.com static.hotjar.com www.google-analytics.com js.hs-scripts.com tags.srv.stackadapt.com translate.googleapis.com js.hsforms.net translate-pa.googleapis.com *.hotjar.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.googleapis.com *.srv.stackadapt.com; report-uri /.webscale/csp-report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: jedonnemonavis.numerique.gouv.fr *.doubleclick.net *.gstatic.com server.seadform.net *.adform.net www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-NibF7aWnIheEUUp1g5pMnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-eval' chrome-extension: https://mc.yandex.ru https://yastatic.net https://code.jquery.com https://pn.ru https://cdn.sendpulse.com https://dsp.setl.ru https://app.uiscom.ru https://www.googletagmanager.com https://smartcallback.ru 'unsafe-inline' 'unsafe-inline' https://api-maps.yandex.ru https://www.google-analytics.com 127.0.0.1:8182 127.0.0.1:8888 127.0.0.1:5005; frame-src 'self' https://spbrealty.ru chrome-extension: https://pn.ru https://mc.yandex.ru https://server.comagic.ru https://mc.yandex.md https://td.doubleclick.net; object-src 'self'; report-uri /cspreportonly; 1 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://snap.licdn.com https://googleads.g.doubleclick.net https://maps.googleapis.com unpkg.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.vopak.com/cspreport 1 object-src 'none';base-uri 'self';script-src 'nonce-aqCCMhupVQuDrHrIvQheKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' ; script-src 'unsafe-eval' 'unsafe-inline' 'self' player.vimeo.com youtube-nocookie.com youtube.com google-analytics.com googletagmanager.com connect.facebook.net https:;; object-src 'none'; style-src 'unsafe-inline' 'self' googletagmanager.com https:;; img-src 'self' data: https:;; media-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-src 'self' player.vimeo.com youtube-nocookie.com https:;; frame-ancestors 'self'; child-src 'self' player.vimeo.com youtube-nocookie.com https:;; font-src 'self' data: https:;; connect-src 'self' player.vimeo.com youtube-nocookie.com https:;; report-uri /report-csp-violation 1 default-src 'self'; style-src 'self' 'unsafe-inline' *.corelogic.com https://code.jquery.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/; font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://ka-f.fontawesome.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.corelogic.com https://code.jquery.com/ https://www.google-analytics.com/analytics.js https://gateway.foresee.com/ http://gateway.foresee.com/ https://www.googletagmanager.com/ https://content.realquest.com/ https://maxcdn.bootstrapcdn.com/ https://h.online-metrix.net/; img-src 'self' data: *.googleapis.com *.google-analytics.com *.online-metrix.net *.corelogic.com https://gateway.foresee.com/ https://maps.gstatic.com/ https://www.google.com/ https://code.jquery.com/ https://content.realquest.com/ https://www.googletagmanager.com/ https://dummyimage.com/ https://lh3.ggpht.com/; connect-src 'self' *.google-analytics.com *.realquest.com https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://ka-f.fontawesome.com/; frame-src 'self' *.online-metrix.net *.opendns.com *.realquest.com https://play.vidyard.com/ https://players.brightcove.net/; object-src 'none'; frame-ancestors 'self';report-uri /csp/report-uri; 1 object-src 'none';base-uri 'self';script-src 'nonce-9HW9VEFEr2GWvUU5p3Ho_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1 default-src 'none'; child-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; object-src 'self' blob:; img-src 'self' data: https:; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://*.cloudfront.net *.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://static.olark.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://at.alicdn.com https://www.slant.co; media-src 'self' https://*.cloudfront.net https://storage.googleapis.com https://static.olark.com; connect-src 'self' https:; report-uri https://o115950.ingest.sentry.io/api/4504318134124545/csp-report/?sentry_key=9c71d70b1ee74ce3aa4d0d9c04d772a1&sentry_environment=production&sentry_release=df592a66 1 object-src 'none';base-uri 'self';script-src 'nonce-7Oxf4cYWPyFtOOGljjTCHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 img-src https://higherlogicdownload.s3.amazonaws.com/AHEAD/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHEAD/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AHEAD/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHEAD/ https://higherlogicdownload.s3.amazonaws.com/AHEAD/ https://higherlogiclongterm.s3.amazonaws.com/AHEAD/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AHEAD/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHEAD/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AHEAD/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AHEAD/ https://higherlogicdownload.s3.amazonaws.com/AHEAD/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHEAD/ https://higherlogicstream.s3.amazonaws.com/AHEAD/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AHEAD/ https://higherlogicdownload.s3.amazonaws.com/AHEAD/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AHEAD/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com cdn.jsdelivr.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.hotjar.com *.iadvize.com *.vimeo.com *.doubleclick.net *.facebook.com *.linkeo.com gjigle.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.kameleoon.eu *.avis-verifies.com *.netreviews.eu *.linkedin.com *.bing.com https://*.google.com *.google.fr *.facebook.com *.pexels.com *.ownpage.fr *.editions-legislatives.fr cdn.jsdelivr.net https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com 'self' data: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.tiqcdn.com *.linkeo.com *.licdn.com *.gstatic.com *.hotjar.com *.facebook.net *.bing.com *.avis-verifies.com *.doubleclick.net *.google.com https://*.ggpht.com *.googletagmanager.com *.iadvize.com *.appdynamics.com deploytealium.com *.privacy-center.org *.link-page.info *.ownpage.fr *.tealiumiq.com notifpush.com cdn.jsdelivr.net s7.addthis.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.kameleoon.eu *.eum-appdynamics.com *.iadvize.com *.hotjar.com *.hotjar.io *.googleapis.com *.tealiumiq.com notifpush.com *.editions-legislatives.fr ekr.zdassets.com/ https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://cms.robotiq.com; connect-src 'self' data: https://www.googleapis.com http://maps.googleapis.com embedwistia-a.akamaihd.net *.hubspot.com *.hsforms.com *.litix.io *.wistia.com https://graph.facebook.com https://www.linkedin.com http://mwsserver.com/ https://cms.robotiq.com; font-src 'self' data: fonts.gstatic.com *.wistia.com http://mwsserver.com/; img-src 'self' data: *; media-src 'self' data: blob: *.wistia.com embedwistia-a.akamaihd.net http://mwsserver.com/; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.wistia.com *.wistia.net *.litix.io *.hsforms.net *.hsforms.com *.hubspot.com *.hscta.net https://maps.googleapis.com *.googletagmanager.com *.google-analytics.com api.usemessages.com *.hs-scripts.com intelligenc.es *.hs-analytics.net *.linkedin.com *.crazyegg.com http://mwsserver.com/ *.google.com/ *.gstatic.com/ https://unpkg.com/@google/model-viewer/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; child-src blob: *.wistia.com http://mwsserver.com/; frame-src https://s3.amazonaws.com/ *.wistia.com https://forms.hubspot.com/ https://forms.hsforms.com/ http://mwsserver.com/; 1 object-src 'none';base-uri 'self';script-src 'nonce-ZmQnaKKE09f1vYWTfGNgRw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://3chillies.report-uri.com/r/d/csp/wizard 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com checkout.sezzle.com sandbox.checkout.sezzle.com tracking.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io * *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com widget.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io * *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com gateway.sezzle.com sandbox.gateway.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-+MAbnEPkagXyix78AzbAE2NoLTrph4Fx/pY7hqW+PY4=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-_BiofP5g57HKB8IBuY5lig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1 default-src 'self' *.microsoftonline.com www.google-analytics.com *.aristotle.com www.visapac.com cdn.jsdelivr.net; img-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; form-action 'self' *.microsoftonline.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: use.typekit.net *.facebook.com *.googleadservices.com *.linkedin.com *.googleapis.com www.google-analytics.com app.sharelinktechnologies.com www.google.com.au *.gstatic.com www.googletagmanager.com adservice.google.com *.doubleclick.net *.hub24.com.au *.licdn.com www.google.com *.facebook.net pi.pardot.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'none'; script-src 'self'; script-src-elem 'self' 'unsafe-inline' connect.facebook.net dtm-dre.platform.hicloud.com s.adroll.com sc.lfeeder.com snap.licdn.com trk.adbutter.net widget.intercom.io www.googleoptimize.com www.googletagmanager.com js.intercomcdn.com www.google.com cdn.segment.com www.gstatic.com www.google-analytics.com www.redditstatic.com cdn.mxpnl.com d.adroll.com static.hotjar.com script.hotjar.com sc-static.net static.ads-twitter.com; script-src-attr 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src-attr 'unsafe-inline'; img-src * 'self' data:; font-src 'self' data: fonts.intercomcdn.com cdn.bayzat.com fonts.gstatic.com static.codat.io; connect-src 'self' api-iam.intercom.io wss://nexus-websocket-a.intercom.io region1.google-analytics.com api.bayz.at api.segment.io cdn.linkedin.oribi.io cdn.segment.com stats.g.doubleclick.net in.hotjar.com vc.hotjar.io; media-src js.intercomcdn.com; frame-src www.google.com vars.hotjar.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; report-uri https://bayzat.report-uri.com/r/t/csp/wizard; report-to default 1 font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.trustami.com widgets.trustedshops.com *.yotpo.com assets.bounceexchange.com events.bouncex.net use.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.cookielaw.org *.facebook.net *.pinimg.com assets.bounceexchange.com events.bouncex.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com assets.bounceexchange.com track2.trbo.com ad4m.at ad4mat.net pixel.bsmartdata.com bid.g.doubleclick.net secure.pay1.de https://payments.amazon.de *.google.com t.adcell.com googleads.g.doubleclick.net *.google.de *.google.com.de *.facebook.com *.braintreegateway.com *.kaptcha.com *.doubleclick.net calendly.com *.pinterest.com *.authorize.net events.bouncex.net *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.feedoptimise.com cdn.feedoptimise.com http://img.riskified.com/ https://beacon.flow.io/ https://cdn.flow.io/ https://flowcdn.io/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com api.bounceexchange.com hello.zonos.com *.pinterest.com google.com www.google.com.ua cdn.trustami.com *.trbo.com *.google.com *.billiger.de bat.bing.com c.bing.com www.googletagmanager.com widgets.trustedshops.com app.usercentrics.eu *.doubleclick.net ad4m.at piwik.seoswisswirtz.ch www.lampenonline.de ih.adscale.de business.trustedshops.de *.adform.net *.cloudfront.net cdn.klarna.com https://payments.amazon.de marketing.net.idealopartner.com billiger.de t.adcell.com www.gstatic.com *.google.de *.google.com.de *.adition.com *.magentocommerce.com *.clarity.ms e.cdnwidget.com assets.bounceexchange.com events.bouncex.net media.sailthru.com cdn.cookielaw.org *.cdninstagram.com *.fbcdn.net www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.feedoptimise.com cdn.feedoptimise.com http://cdn.flow.io/ https://cdn.flow.io/ http://beacon.riskified.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com t.adcell.com rns.matelso.de *.google.com www.gstatic.com googleads.g.doubleclick.net cdn.trustami.com widgets.trustedshops.com static.trbo.com piwik.seoswisswirtz.ch app.usercentrics.eu www.adcell.de app.trustami.com bat.bing.com www.billiger.de api.trbo.com ad4m.at *.adform.net www.ad4mat.de r.df-srv.de *.payments-amazon.com https://payments.amazon.de cdn.klarna.com secure.pay1.de *.jquery.com hello.zonos.com *.sail-horizon.com *.pinimg.com *.pingdom.net *.iglobalstores.com pinterest.com *.newrelic.com *.nr-data.net *.calendly.com *.cookielaw.org *.adobedtm.com *.onetrust.com *.clarity.ms cdn.attn.tv events.bouncex.net https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com *.instagram.com js.go2sdk.com www.xtento.com cdn.xtento.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com cdn.trustami.com https://payments.amazon.de assets.bounceexchange.com events.bouncex.net tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.flow.io/ https://c.riskified.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com hello.zonos.com *.pinterest.com *.sail-personalize.com *.pingdom.net api.usercentrics.eu rns.matelso.de graphql.usercentrics.eu *.amazon.com https://payments.amazon.de *.doubleclick.net t.adcell.com *.trustedshops.com *.etrusted.com *.sail-track.com *.nr-data.net *.cookielaw.org *.clarity.ms geolocation.onetrust.com data.cdnbasket.net page.cdnbasket.net view.cdnbasket.net ids.cdnwidget.com privacyportal.onetrust.com maps.googleapis.com image.cdnbasket.net events.attentivemobile.com assets.bounceexchange.com events.bouncex.net ss.chilewich.com analytics.google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; img-src 'self' data: http: https: *.fia-tech.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1 font-src *.gstatic.com data: *.googleapis.com fonts.googleapis.com fonts.gstatic.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cookiebot.com business.facebook.com libs.hipay.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.google.com www.google.it *.cookiebot.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.matomo.cloud *.cookiebot.com business.facebook.com cdn.lordicon.com chimpstatic.com js-agent.newrelic.com bam.nr-data.net secure-gateway.hipay-tpp.com mpsnare.iesnare.com libs.hipay.com downloads.mailchimp.com *.list-manage.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com libs.hipay.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com stats.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.matomo.cloud *.analytics.tiktok.com business.facebook.com cdn.lordicon.com stage-data.hipay.com bam.nr-data.net *.doubleclick.net *.stape.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-YJgvQDV3FRzo2Jorx4N6nU6OWjAifuy+BqXNOoxNLOo='; base-uri 'self';report-to csp-endpoint 1 default-src 'self' wss://ws23.hotjar.com/ https://www.google-analytics.com https://sdir-p-cdnep-apsminsidesjofolk.azureedge.net https://sdir-p-apim-common.azure-api.net https://sdirpstapplication.blob.core.windows.net https://portal.sjofartsdir.no https://api.pirsch.io; script-src https://www.google-analytics.com https://static.hotjar.com https://sdir-p-cdnep-apsminsidesjofolk.azureedge.net https://sdir-p-cdnep-minsidefartoy.azureedge.net https://sdir-p-cdnep-apsminsidekvalifikasjoner.azureedge.net https://sdir-p-cdnep-etingportal.azureedge.net https://sdir-p-cdnep-paymentportal.azureedge.net https://api.pirsch.io 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline' https://sdir-p-cdnep-apsminsidesjofolk.azureedge.net https://sdir-p-cdnep-minsidefartoy.azureedge.net https://sdir-p-cdnep-apsminsidekvalifikasjoner.azureedge.net https://sdir-p-cdnep-etingportal.azureedge.net https://sdir-p-cdnep-paymentportal.azureedge.net 'report-sample'; img-src 'self' https://www.google.no https://www.google.com data: blob:; frame-src 'self' https://sdir-p-apim-common.azure-api.net; report-uri https://gate.rapidsec.net/g/r/csp/935437bd-15fd-48dc-ab1d-930a31146380/0/1/3?sct=4bd0bb63-fc90-40ff-bb6c-4baa452152ba&dpos=report 1 object-src 'none';base-uri 'self';script-src 'nonce-HX-C5FZTPMl_TLaO0fFmXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri /Api/CspReport; report-to csp-endpoint; default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' *.youtube.com; media-src 'self' *.youtube.com data:; connect-src 'self' *.google-analytics.com *.paypal.com www.facebook.com bat.bing.com *.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; font-src 'self' *.googleapis.com *.gstatic.com *.paypalobjects.com; frame-src 'self' *.facebook.com *.paypalobjects.com *.paypal.com *.youtube.com *.youtube-nocookie.com *.google.com *.amazon.com; img-src 'self' *.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com *.ytimg.com *.paypal.com *.facebook.com *.fbcdn.net *.youtube.com *.googleadservices.com *.ssl-images-amazon.com bat.bing.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.facebook.com *.paypalobjects.com *.paypal.com *.loginwithamazon.com *.google.com bat.bing.com *.affirm.com; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/chrome-cloudcast 1 block-all-mixed-content; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.onet.pl::R_APROD_3_8_0 1 object-src 'none';base-uri 'self';script-src 'nonce-EKkps1YjlIQDnmM4FDQGmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob:; base-uri 'self'; connect-src 'self' api2.raisin.co.uk api2.raisin.com about: *.sentry.io content.hotjar.io 1531320666.rsc.cdn77.org api.clean-blocker.com api.video-adblock.com bam.nr-data.net cdn.raisin.co.uk *.kaspersky-labs.com *.google.com tr.outbrain.com www.google.ca www.google.co.id www.google.co.il www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.za www.google.com www.google.com.au www.google.com.br www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.de www.google.ee www.google.es www.google.fr www.google.ie www.google.it www.google.jo www.google.lk www.google.pl www.google.pt www.google.ro www.google.se logger.service.usercentrics.eu consent-api.service.consent.usercentrics.eu service-proxy-logger-wfcmkywozq-ey.a.run.app www.google-analytics.com ws6.hotjar.com www.raisin.co.uk www.googletagmanager.com ws44.hotjar.com api.smooch.io bat.bing.com in.hotjar.com collector.raisin.com region1.google-analytics.com stats.g.doubleclick.net pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com vc.hotjar.io tracking.crazyegg.com www.facebook.com raisinuk.zendesk.com api.usercentrics.eu app.launchdarkly.com clientstream.launchdarkly.com ekr.zdassets.com events.launchdarkly.com privacy-proxy.usercentrics.eu api.weltsparen.de api.raisin.co.uk raisin-api.exponea.com script.crazyegg.com bam.eu01.nr-data.net com-raisin-prod1.mini.snplow.net graphql.usercentrics.eu aggregator.service.usercentrics.eu raisin-eu.zendesk.com static.zdassets.com s3.eu-central-1.amazonaws.com auth.raisin.co.uk sdk-tracing.exponea.com *.google.com translate.googleapis.com api2.weltsparen.de; font-src about: 'self' pouch-global-font-assets.s3.eu-central-1.amazonaws.com account.affilitizer.com themes.googleusercontent.com at.alicdn.com script.hotjar.com data: www.raisin.co.uk fonts.gstatic.com cdn.raisin.co.uk www.raisin.co.uk in.hotjar.com; frame-ancestors 'self'; frame-src 'self' td.doubleclick.net aax-eu.amazon-adsystem.com www.youtube.com xg.nsgltd.com app.usercentrics.eu auth.weltsparen.de online-acquisition-pw-public-assets.s3.eu-central-1.amazonaws.com www.raisin.co.uk vars.hotjar.com auth.raisin.co.uk aax-eu.amazon-adsystem.com tpc.googlesyndication.com www.linkbux.com eu-app.contentstack.com; img-src *; manifest-src 'self'; media-src 'self' data: www.raisin.co.uk; object-src 'none'; report-uri /_/reports; script-src 'self' about: 'unsafe-inline' 'unsafe-eval' bam.eu01.nr-data.net bat.bing.com c.amazon-adsystem.com connect.facebook.net d1y068gyog18cq.cloudfront.net data1.bmi-result.com data1.howlogin.me *.kaspersky-labs.com 'unsafe-inline' js-agent.newrelic.com *.usercentrics.eu raisin-api.exponea.com script.crazyegg.com static.zdassets.com tpc.googlesyndication.com *.outbrain.com www.google.com www.googleadservices.com www.googletagmanager.com *.raisin.co.uk www.google-analytics.com connect.facebook.net cdn.raisin.co.uk bat.bing.com cdn.raisin.bank d1y068gyog18cq.cloudfront.net www.google-analytics.com amplify.outbrain.com tr.outbrain.com js.hs-scripts.com s.d.adup-tech.com webanalytics.btelligent.net js.hs-analytics.net connect.facebook.net js.hs-banner.com tr.outbrain.com blob: snap.licdn.com app.usercentrics.eu privacy-proxy.usercentrics.eu raisin-api.exponea.com static.zdassets.com www.googletagmanager.com static.hotjar.com script.hotjar.com js-agent.newrelic.com bam.eu01.nr-data.net script.crazyegg.com www.raisin.co.uk cdnjs.cloudflare.com wave.outbrain.com; style-src 'self' 'unsafe-inline' cdn.raisin.co.uk cdn.jsdelivr.net fonts.googleapis.com *.kaspersky-labs.com translate.googleapis.com www.raisin.co.uk cdnjs.cloudflare.com 1 object-src 'none';base-uri 'self';script-src 'nonce-nSvQ8xhHkqDnD3eHRxTfSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-UWvUqTgggKhf1ct19QzyAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: data.amped.io imgs.signifyd.com content.hotjar.io *.onetrust.com adservice.google.com www.google.com *.tvsquared.com maxcdn.bootstrapcdn.com *.mookie1.com events.tryamped.com region1.analytics.google.com cdn-loyalty.yotpo.com *.criteo.com *.gstatic.com www.viviscal.com data.tryamped.com *.pinimg.com cdnjs.cloudflare.com p.typekit.net *.facebook.com *.pinterest.com www.google.ca *.doubleclick.net *.bazaarvoice.com staticw2.yotpo.com api.subscribepro.com loyalty.yotpo.com *.igodigital.com assets.braintreegateway.com *.tiktok.com p.yotpo.com vc.hotjar.io app.amped.io baoyrdvw77cqt7lzaragzaeuqa0iyefu.lambda-url.us-east-1.on.aws settings.luckyorange.net use.fontawesome.com cdn.cquotient.com tag.tapad.com client-analytics.braintreegateway.com p.cquotient.com bat.bing.com *.paypal.com tags.w55c.net cdn-widgetsrepository.yotpo.com aacdn.nagich.com *.optimizely.com um.simpli.fi cdn.tapad.app *.online-metrix.net amped-prod-uploadsc5d9e923-stnmnwldfzjn.s3.amazonaws.com ib.adnxs.com *.hotjar.com js.braintreegateway.com use.typekit.net cdn-scripts.signifyd.com www.google.com.sa *.adsrvr.org *.amazon-adsystem.com www.googletagmanager.com analytics.google.com cdn.cookielaw.org cddv3p.digitaltargetonline.com cdn-swell-assets.yotpo.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.useinsider.com *.trackedlink.net *.ftz.io *.fitizzy.com *.xandres.com *.geojs.io data: 'self' 'unsafe-inline'; form-action www.facebook.com sc-static.net *.onetrust.com *.useinsider.com *.cookiepro.com *.doubleclick.net tr.snapchat.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.trackedlink.net *.ftz.io *.fitizzy.com *.xandres.com *.geojs.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com www.google.com *.weltpixel.com *.hotjar.com www.facebook.com *.criteo.com view.publitas.com sc-static.net *.eu.freshchat.com *.eu.webpush.freshchat.com static.criteo.net *.onetrust.com *.useinsider.com *.cookiepro.com *.doubleclick.net tr.snapchat.com getflowbox.com app.acuityscheduling.com *.tradetracker.net *.tradetracker.com *.kickbite.io *.pinterest.com *.mollie.com *.trackedlink.net *.ftz.io *.fitizzy.com xandres-help.freshchat.com *.xandres.com *.geojs.io *.adform.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com maps.gstatic.com https://www.mollie.com https://api.mapbox.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.doubleclick.net *.cdninstagram.com www.google.be connect.facebook.net www.facebook.net connect.facebook.com www.facebook.com ct.pinterest.com *.pinterest.com *.adform.net *.yieldmo.com *.smaato.net *.rubiconproject.com *.outbrain.com *.bidswitch.net *.adnxs.com *.teads.tv *.yahoo.com *.casalemedia.com *.contextual.media.net *.smartadserver.com *.360yield.com *.openx.net *.pubmatic.com *.taboola.com *.3lift.com *.advertising.com *.adscale.de *.omnitagjs.com *.criteo.com *.socdm.com *.yieldlab.net *.mail.ru *.cloudfront.net *.mollie.com *.ivitrack.com *.media.net *.sharethrough.com ade.clmbtech.com cm.mgid.com sync.e-planning.net ads.stickyadstv.com i.liadm.com ad.sxp.smartclip.net pixel.tapad.com dpm.demdex.net tags.bluekai.com s.thebrighttag.com a.twiago.com sync-tm.everesttech.net idsync.rlcdn.com cdn.stickyadstv.com sync.ad-stir.com jadserve.postrelease.com *.onetrust.com *.useinsider.com *.cookiepro.com bat.bing.com tr.snapchat.com *.getflowbox.com *.wisepops.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.google-analytics.com *.analytics.google.com *.trackedlink.net *.xandres.com *.ftz.io *.fitizzy.com *.geojs.io data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com player.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com js.mollie.com *.google.com www.gstatic.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.elfsight.com connect.facebook.net connect.facebook.com *.hotjar.com *.pinimg.com *.trackedlink.net *.sumo.com *.criteo.net *.criteo.com *.wisepops.com view.publitas.com sc-static.net wchat.eu.freshchat.com assetscdn-wchat.eu.freshchat.com *.eu.webpush.freshchat.com *.onetrust.com *.useinsider.com *.cookiepro.com *.doubleclick.net bat.bing.com embed.acuityscheduling.com *.getflowbox.com *.tiktok.com *.tradetracker.net *.tradetracker.com *.kickbite.io *.mollie.com *.ftz.io *.fitizzy.com d5yoctgpv4cpx.cloudfront.net vimeo.com xandres-help.freshchat.com *.xandres.com *.geojs.io *.adform.net connect.getflowbox.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com fonts.gstatic.com embed.acuityscheduling.com *.getflowbox.com *.useinsider.com *.wisepops.com wchat.eu.freshchat.com assetscdn-wchat.eu.freshchat.com *.tradetracker.net *.tradetracker.com *.hotjar.com *.kickbite.io *.trackedlink.net *.ftz.io *.fitizzy.com xandres-help.freshchat.com *.xandres.com *.geojs.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com ekr.zdassets.com/ autocomplete2.postdirekt.de t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com apps.elfsight.com *.analytics.google.com maps.googleapis.com *.doubleclick.net ct.pinterest.com *.hotjar.com wss://*.hotjar.com *.hotjar.io sumo.com api.instacloud.io *.wisepops.com cicptqmkej.execute-api.eu-west-1.amazonaws.com *.onetrust.com *.useinsider.com *.cookiepro.com *.getflowbox.com *.tiktok.com *.tradetracker.net *.tradetracker.com *.kickbite.io *.trackedlink.net *.ftz.io *.fitizzy.com rkkck31tec.execute-api.eu-central-1.amazonaws.com *.xandres.com *.geojs.io *.adform.net connect.getflowbox.com 9mn3sm7015.execute-api.eu-west-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_vimbZzG9yiCI87f7Y7suA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 worker-src blob:; font-src https://*.datatrics.com https://fonts.gstatic.com https://searchserverapi.com *.fontawesome.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.facebook.com https://*.googleapis.com https://searchserverapi.com *.cardinalcommerce.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com https://*.dialogflow.com https://*.doubleclick.net https://*.facebook.com https://*.hotjar.com https://searchserverapi.com https://*.sharethis.com https://*.snapchat.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com https://*.datatrics.com https://*.examenoverzicht.nl https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.nl https://*.g.doubleclick.net https://*.privacysandbox.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.pay.nl https://*.reddit.com https://*.sharethis.com https://searchserverapi.com https://*.snapchat.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.magmodules.eu *.squeezely.tech ts.tradetracker.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com https://cdn.amplitude.com https://*.aptrinsic.com https://*.cloudflareinsights.com https://*.datatrics.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://sc-static.net https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.jsdelivr.net https://*.redditstatic.com https://searchserverapi.com https://*.sharethis.com https://*.snapchat.com https://*.tiktok.com https://*.youtube.com *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com squeezely.tech www.squeezely.tech *.squeezely.tech tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://*.datatrics.com https://*.googleapis.com https://searchserverapi.com https://*.sharethis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://*.datatrics.com https://*.examenoverzicht.nl https://*.exovdev.nl https://*.exovtest.nl https://*.facebook.com https://*.feedbackcompany.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.pangle-ads.com https://*.sharethis.com https://*.snapchat.com https://*.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.amplitude.com stats.g.doubleclick.net squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; form-action https:; script-src 'self' 'unsafe-inline' chat.isac.org livechat.isac.org ajax.googleapis.com ssl.google-analytics.com code.highcharts.com cdn.datatables.net connect.facebook.net c0cre132.caspio.com secure.wufoo.com www.wufoo.com www.gstatic.com w.sharethis.com/button/buttons.js static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js public.tableau.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css c0cre132.caspio.com; img-src 'self' www.collegechangeseverything.org edfinancial.com ssl.google-analytics.com stats.g.doubleclick.net www.facebook.com chat.isac.org livechat.isac.org c0cre132.caspio.com; script-src-elem www.google.com/recaptcha/api.js; report-uri https://7e62cb02868e6169a2cec70f696ffb38.report-uri.com/r/d/csp/reportOnly 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.ideadigitalcontent.com *.marketo.com files.survalyzer.swiss *.facebook.com ideadigitalasset.com *.msecnd.net *.mktoresp.com *.azureedge.net www.cooper-electric.com *.gstatic.com *.facebook.net t.contentsquare.net www.googletagmanager.com go.cooper-electric.com dc.services.visualstudio.com k-us1.az.contentsquare.net www.google-analytics.com cdn.jsdelivr.net *.googleapis.com survalyzer.survalyzer.swiss *.cloudfront.net nexus.ensighten.com media.distributordatasolutions.com runtimeapi.survalyzer-swiss.app *.adsrvr.org analytics.formstack.com c.az.contentsquare.net p.brsrvr.com cdns.brsrvr.com soneparusa.formstack.com munchkin.marketo.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-X-et9eT8JW3FTZ2QIh8YoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.uk *.adsrvr.org epson.ca ib.adnxs.com *.tiktok.com cdn.jsdelivr.net *.ads-twitter.com bat.bing.com *.bazaarvoice.com *.goepson.com pi.pardot.com *.casalemedia.com js.cnnx.link *.demdex.net www.google.com.ph ups.analytics.yahoo.com *.twitter.com cdnssl.clicktale.net cdn.cs.1worldsync.com eb2.3lift.com tag-logger.demandbase.com www.google-analytics.com cdn.pricespider.com *.facebook.com *.epson.com www.googletagmanager.com www.google.ca app.qualified.com cdn.honey.io *.tealiumiq.com tag.demandbase.com id.rlcdn.com *.omtrdc.net unpkg.com *.pinterest.com c.clicktale.net *.everesttech.net api.company-target.com js.qualified.com cdnjs.cloudflare.com *.windows.net *.snapchat.com *.googleadservices.com *.openx.net s.yimg.com www.google.com t.co *.googleapis.com segments.company-target.com *.pinimg.com analytics.google.com tiny.superpinkday.com sc-static.net q-aus1.clicktale.net api.mapbox.com www.youtube.com google.com *.doubleclick.net huge.superpinkday.com *.gstatic.com epson.com bam.nr-data.net *.linkedin.com www.google.fr ssl.kaptcha.com s.company-target.com *.facebook.net wss://ws.qualified.com apex-7-adswizz.attribution.adswizz.com ws.cs.1worldsync.com sp.analytics.yahoo.com embeddedcloud.pricespider.com fast.fonts.net tags.tiqcdn.com simage2.pubmatic.com img.youtube.com k-aus1.clicktale.net *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.klarnacdn.net *.gstatic.com *.klevu.com 'self' data: *.zopim.com *.wpengine.com *.googleapis.com data: blog.aphrodite1994.com *.adyen.com *.adyenpayments.com *.arcot.com *.kbcard.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.adyen.com *.adyenpayments.com *.arcot.com *.kbcard.com https://cedcommerce.com *.facebook.com *.wpengine.com *.googleapis.com *.zopim.com wss://*.zopim.com *.enfuce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.adyenpayments.com *.arcot.com *.kbcard.com *.cookiebot.com https://cedcommerce.com *.google.co.uk *.google.com *.doubleclick.net *.facebook.net *.facebook.com *.vimeo.com *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.wpengine.com *.googleapis.com *.zopim.com wss://*.zopim.com *.klarnaservices.com *.klarna.com *.zenaps.com *.demdex.net *.hotjar.com *.reviews.co.uk *.pinterest.com *.sendcloud.sc *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.adyenpayments.com *.arcot.com *.kbcard.com *.salesfire.co.uk *.amasty.com/value *.google.com *.google.co.uk *.google.co.in *.googletagmanager.com *.google-analytics.com *.googleapis.com *.facebook.net *.facebook.com *.zopim.com wss://*.zopim.com *.atdmt.com *.pinterest.com *.postcodeanywhere.co.uk *.zenaps.com *.awin1.com *.klarnacdn.net *.klarnaevt.com *.klevu.com *.klarnaservices.com https://payments.amazon.co.uk https://static-eu.payments-amazon.com https://www.facebook.com https://www.google-analytics.com blog.aphrodite1994.com *.doubleclick.net *.everesttech.net *.trackedlink.net *.gravatar.com.net *.bing.com *.aphrodite1994.com aphrodite1994.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.adyen.com widget.freshworks.com m2epro.freshdesk.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com https://unpkg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnacdn.net *.salesfire.co.uk *.dwin1.com *.cookiebot.com *.reviews.co.uk *.newrelic.com *.nr-data.net *.klevu.com *.google.co.in *.google.co.uk *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.g.doubleclick.net *.zopim.com *.zdassets.com assets.pinterest.com/ *.playground.klarnaservices.com *.playground.klarnauserservices.com *.pcapredict.com *.postcodeanywhere.co.uk https://eu-library.klarnaservices.com/ *.paypalobjects.com *.wpengine.com blog.aphrodite1994.com http://html5shim.googlecode.com *.zenaps.com *.cloudflareinsights.com *.adyenpayments.com *.arcot.com *.kbcard.com *.hotjar.com *.bing.com *.googleoptimize.com *.pinimg.com *.avada.io *.sendcloud.sc https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://static.klaviyo.com *.klarnacdn.net *.googleapis.com *.klevu.com *.postcodeanywhere.co.uk *.google-analytics.com *.googleadservices.com *.paypal.com *.paypalobjects.com *.wpengine.com fonts.googleapis.com *.zopim.com wss://*.zopim.com blog.aphrodite1994.com *.adyen.com *.adyenpayments.com *.arcot.com *.kbcard.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com widget.freshworks.com m2epro.freshdesk.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.adyenpayments.com *.arcot.com *.kbcard.com *.smartmetrics.co.uk *.google.co.in *.google.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.reviews.co.uk *.nr-data.net *.zdassets.com *.zopim.com wss://*.zopim.com *.postcodeanywhere.co.uk *.paypal.com *.paypalobjects.com *.wpengine.com *.googleapis.com *.klarnaevt.com *.g.doubleclick.net wss://widget-mediator.zopim.com *.playground.klarnaservices.com *.playground.klarnauserservices.com *.hotjar.com https://rcgmal4n.klarnaservices.com https://evt-eu.klarnaservices.com *.klarnaservices.com *.pinterest.com *.cookiebot.com https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.klarna.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://aykoreport.report-uri.com/r/d/csp/reportOnly/; report-to report-endpoint; 1 default-src 'unsafe-eval' 'unsafe-inline' 'self' http: https: data: wss: blob: chrome-extension ; report-uri /cgi-bin/csp-reports.cgi 1 base-uri 'self'; default-src 'self' https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.gstatic.com http://*.gstatic.com *.gstatic.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline' 'unsafe-eval'; child-src; connect-src 'self' https://cdn.cookielaw.org http://cdn.cookielaw.org cdn.cookielaw.org https://privacyportal-eu.onetrust.com http://privacyportal-eu.onetrust.com privacyportal-eu.onetrust.com; font-src 'self' https://privacyportal-eu-cdn.onetrust.com http://privacyportal-eu-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://tools.eurolandir.com http://tools.eurolandir.com tools.eurolandir.com https://*.instagram.com http://*.instagram.com *.instagram.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com; img-src 'self' https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://stats.g.doubleclick.com http://stats.g.doubleclick.com stats.g.doubleclick.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://*.google.com http://*.google.com *.google.com https://*.google.co.uk http://*.google.co.uk *.google.co.uk https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://*.linkedin.com http://*.linkedin.com *.linkedin.com https://*.facebook.com http://*.facebook.com *.facebook.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://*.instagram.com http://*.instagram.com *.instagram.com https://*.licdn.com http://*.licdn.com *.licdn.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.searchiq.co http://*.searchiq.co *.searchiq.co https://*.youtube.com http://*.youtube.com *.youtube.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com http://*.analytics.google.com *.analytics.google.com https://*.cookielaw.com http://*.cookielaw.com *.cookielaw.com https://*.cookielaw.org http://*.cookielaw.org *.cookielaw.org https://*.hypemarks.com http://*.hypemarks.com *.hypemarks.com https://*.moatads.com http://*.moatads.com *.moatads.com https://*.cloudapi.de http://*.cloudapi.de *.cloudapi.de https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-3I6CaePiX0XIIPEEe-4NQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8XOpSIaf_C_v5TlyDXd_7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'none'; connect-src https://stripe.com; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' data: https://images.ctfassets.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri https://q.stripe.com/csp-report 1 font-src www.searchanise.com *.searchserverapi.com fonts.gstatic.com v2.zopim.com embed.tawk.to *.commerce-connector.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com *.2performant.com *.doubleclick.net *.pinterest.com *.force.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com cdn.kfea.ro shopmania.ro www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.gstatic.com v2assets.zopim.io *.google.ro *.facebook.com *.widgetwhats.com tawk.link compari.ro ct.pinterest.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com https://www.googletagmanager.com tagmanager.google.com *.zdassets.com v2.zopim.com *.facebook.net *.facebook.com attr-2p.com *.widgetwhats.com chimpstatic.com embed.tawk.to *.jsdelivr.net *.hotjar.com *.arukereso.com gstatic.com *.clarity.ms *.themarketer.com *.pinimg.com *.pinterest.com *.enzuzo.com cdn-cookieyes.com *.googlesyndication.com *.commerce-connector.com *.force.com *.salesforceliveagent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src unsafe-inline www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com tagmanager.google.com *.googleapis.com 'self' data: *.widgetwhats.com embed.tawk.to *.googletagmanager.com tpc.googlesyndication.com *.cloudfront.net *.commerce-connector.com *.force.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.amplitude.com stats.g.doubleclick.net https://www.google-analytics.com ekr.zdassets.com wss://widget-mediator.zopim.com pagead2.googlesyndication.com *.google.com *.google.ro googleads.g.doubleclick.net region1.analytics.google.com *.2performant.com *.widgetwhats.com zdata-ro-bellabike.s3.eu-west-1.amazonaws.com *.tawk.to kfea.zendesk.com api.edrone.me *.themarketer.com *.pinterest.com *.clarity.ms *.commerce-connector.com *.facebook.com *.hotjar.com *.hotjar.io region1.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src data: https://fonts.gstatic.com https://static.photoslurp.com https://www.tuinmeubelshop.nl *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://*.dpdconnect.nl https://gum.criteo.com https://www.googletagmanager.com/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://maps.gstatic.com http://maps.gstatic.com https://maps.googleapis.com http://maps.googleapis.com https://cdn.tuinmeubelshop.nl https://cdn-staging.tuinmeubelshop.nl https://squeezely.tech https://t.squeezely.tech https://www.google.com https://v2.zopim.com https://ct.pinterest.com https://www.facebook.com https://www.google.nl https://bat.bing.com https://m.photoslurp.com https://static.photoslurp.com https://www.tuinmeubelshop.nl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com www.magmodules.eu *.squeezely.tech https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://*.dpdconnect.nl https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com https://ecookie.nl https://www.ecookie.nl https://connect.getflowbox.com https://chimpstatic.com https://www.googletagmanager.com http://www.googletagmanager.com https://v2.zopim.com https://www.googleadservices.com http://www.googleadservices.com https://bat.bing.com https://s.pinimg.com https://ct.pinterest.com https://connect.facebook.com https://connect.facebook.net https://squeezely.tech https://t.squeezely.tech https://googleads.g.doubleclick.net https://static.zdassets.com http://static.photoslurp.com https://sslwidget.criteo.com https://static.hotjar.com https://www.googleoptimize.com https://ss.tuinmeubelshop.nl https://unpkg.com https://widget.thuiswinkel-cdn.org https://widget.thuiswinkel.org widget-mediator.zopim.com https://cdn.polyfill.io https://browser.sentry-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com squeezely.tech www.squeezely.tech *.squeezely.tech https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com http://fonts.googleapis.com https://static.photoslurp.com https://www.tuinmeubelshop.nl *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://squeezely.tech https://t.squeezely.tech https://api.photoslurp.com https://ct.pinterest.com https://ekr.zdassets.com https://widgetcontent.thuiswinkel-cdn.org https://vdgardetuinmeubelshop.zendesk.com wss://widget-mediator.zopim.com https://*.ingest.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ squeezely.tech *.squeezely.tech *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://127.0.0.1/; report-to report-endpoint; 1 default-src 'self' https:; font-src 'self' use.typekit.net/af/ d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/ cdn.myalex.com/ localhost:* host.docker.internal:* data:; img-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ localhost:* host.docker.internal:* data:; object-src 'none'; script-src 'self' https: d2e0vf92j9kzr0.cloudfront.net/ d1p8b7m2zl7a4f.cloudfront.net cdn.usersnap.com/classic/ chat.myalex.com/widget.js localhost:* host.docker.internal:* 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: localhost:* host.docker.internal:* p.typekit.net/p.css d2e0vf92j9kzr0.cloudfront.net/ data: d1p8b7m2zl7a4f.cloudfront.net use.typekit.net/nwy7lbs.css cdn.myalex.com/ 'unsafe-inline'; frame-src 'self' https: login.myalex.com localhost:* host.docker.internal:* chat.datatrough.com/; connect-src 'self' https: localhost:* host.docker.internal:* ingest-dev.jellydevs.com/ data: audio.myalex.com/ d2e0vf92j9kzr0.cloudfront.net d1p8b7m2zl7a4f.cloudfront.net; media-src 'self' https: d1p8b7m2zl7a4f.cloudfront.net d2e0vf92j9kzr0.cloudfront.net/; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=952b0e8e&env=production 1 object-src 'none';base-uri 'self';script-src 'nonce-8wh4YXRQTu2-HQgmIPemPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.cloudflare.com ct.pinterest.com *.googleapis.com *.gstatic.com livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.pinimg.com *.pinterest.com rct-livechat.alc-crm.com s.pinimg.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.gstatic.com maxcdn.bootstrapcdn.com *.payline.com *.cdn.payline.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com *.payline.com *.cdn.payline.com *.twitter.com https://td.doubleclick.net *.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ct.pinterest.com *.cloudflare.com cdn.cookielaw.org *.google-analytics.com *.googleadservices.com *.google.com *.google.fr *.googletagmanager.com *.klarna.com *.lightemporium.com *.linkedin.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.paypal.com *.pinimg.com *.pinterest.com s.pinimg.com *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com cdn.cookielaw.org ct.pinterest.com *.doubleclick.net *.facebook.net *.fontawesome.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.pinimg.com *.pinterest.com rct-livechat.alc-crm.com snap.licdn.com s.pinimg.com *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.newrelic.com https://bam.eu01.nr-data.net *.googleoptimize.com *.criteo.com *.actito.com *.aticdn.net https://2453.userly.net https://cdnjs.cloudflare.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.gstatic.com livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com rct-livechat.alc-crm.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.payline.com *.cdn.payline.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com cdn.cookielaw.org ct.pinterest.com *.doubleclick.net livechat.alc-crm.com maxcdn.bootstrapcdn.com *.naturalia.fr *.payline.com *.cdn.payline.com *.paypal.com *.pinimg.com *.pinterest.com rct-livechat.alc-crm.com s.pinimg.com *.twimg.com *.twitter.com https://bam.eu01.nr-data.net *.onetrust.com https://cdn.linkedin.oribi.io *.criteo.com https://region1.analytics.google.com *.xiti.com *.reach5.co *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-a6YNFelQ5a-S5cu0YCPytw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https:; script-src 'self' https: 'nonce-bLjJB/YzVRPp2qzBDH50jA=='; font-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; object-src 'none'; base-uri 'self' https:; frame-src 'self' https: data:; manifest-src 'self' https:; media-src 'self' https:; worker-src 'none'; connect-src 'self' https:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubf39dce81ccd11a5e40c2882e89d410fb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amarketplacer%2Cenv%3Aproduction 1 default-src 'self'; script-src 'report-sample' 'self' https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://code.jquery.com/jquery-migrate-1.2.1.min.js https://www.paydashboardinfo.com/acton/content/form_embed.js https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://kit.fontawesome.com/5aa8edd4df.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/PdoyIVkd8v16xl_NMp3H0N1Y/recaptcha__en.js; style-src 'report-sample' 'self' https://fonts.googleapis.com https://www.paydashboardinfo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://ka-p.fontawesome.com https://www.paydashboardinfo.com; font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com; frame-src 'self' https://player.vimeo.com https://www.google.com; img-src 'self' https://i.vimeocdn.com https://www.paydashboardinfo.com; manifest-src 'self'; media-src 'self'; report-uri https://6221512bec8a0e581bb6f8f3.endpoint.csper.io/?v=2; worker-src 'none'; 1 default-src 'self' *.cumulusmedia.com 'report-sample'; base-uri 'self'; script-src 'self' *.cumulusmedia.com 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' *.googletagmanager.com *.google-analytics.com stats.wp.com *.quantcast.com *.quantserve.com *.quantcount.com quantcast.mgr.consensu.org cmp.inmobi.com form.jotform.com cdn.jotfor.ms *.cookielaw.org 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' *.onetrust.com 'nonce-BzoqwDLh3YVn0HJLpQ+aIsxx' 'report-sample'; style-src 'self' 'unsafe-inline' *.cumulusmedia.com fonts.googleapis.com cdn.jotfor.ms 'report-sample'; img-src 'self' data: *.cumulusmedia.com *.wp.com *.googletagmanager.com *.google-analytics.com *.quantserve.com prreqcroab.icu pixel.quantcount.com *.cookielaw.org; font-src 'self' data: *.cumulusmedia.com fonts.gstatic.com; connect-src 'self' *.cumulusmedia.com *.google-analytics.com *.doubleclick.net *.quantcount.com *.quantcast.com *.inmobi.com submit.jotform.com *.cookielaw.org *.onetrust.com; object-src 'none'; frame-src 'self' *.cumulusmedia.com *.jotform.com; report-uri https://www.cumulusmedia.com/wp-admin/admin-ajax.php?action=wpshr 1 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://apps.rivm.nl; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://service.pdok.nl/ https://data.rivm.nl/ https://*.openstreetmap.org/; frame-src 'self' https://*.vzinfo.nl; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl; child-src 'self' https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/*; report-uri /report-csp-violation 1 object-src 'none';base-uri 'self';script-src 'nonce-wjKbPwmf-yPtCNoIkN-IAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self' https://*.solidpixels.net https://*.solidpixels.com https://*.solidpixels.cz; form-action 'self'; report-uri https://o428203.ingest.sentry.io/api/4505516549210112/security/?sentry_key=6eb445158e4a410c830e7e424f2d7b56 1 object-src 'none';base-uri 'self';script-src 'nonce-s30N_DOuOjtmlNlIGKRQLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-ad9e4567fe1a53fc77dd6141f76bcc73' 'report-sample' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'; frame-ancestors 'self' ; object-src 'none'; base-uri 'self'; report-uri https://www.sportx.ch/jsapi/v1/de/log/csp 1 worker-src blob:; font-src *.gstatic.com data: fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com store.paradoxlabs.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com google.com https://img.youtube.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ www.google.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com s7.addthis.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com ekr.zdassets.com/ *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-lPKCCrWuxrJPXw90Drf-7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net static.lipscore.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com *.kindlycdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net static.lipscore.com blob: img.youtube.com *.klevu.com *.ksearchnet.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.klarna.com *.klarnacdn.net static.lipscore.com *.klarnaservices.com js.klevu.com *.ksearchnet.com *.hotjar.com *.getflowbox.com *.spinnaker-js.com *.facebook.com *.facebook.net *.kindlycdn.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com static.lipscore.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.klarnaevt.com wapi.lipscore.com users.lipscore.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.hotjar.com *.g.doubleclick.net *.nr-data.net *.spinnaker-js.com *.kindlycdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-r5h2JUBjZ9ruwRBv8whHYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LezXdImV4lrEUhnUFSOo4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src higherlogiccloudfront.s3.amazonaws.com https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://cdn.jsdelivr.net/jquery.slick/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.aspnetcdn.com/ajax/ https://use.fortawesome.com/ cdn.informz.net https://d3uf7shreuzboy.cloudfront.net/ https://static.filestackapi.com 'self' https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'unsafe-eval' https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js; font-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d2x5ku95bkycr3.cloudfront.net https://fonts.googleapis.com/ fonts.googleapis.com higherlogiccloudfront.s3.amazonaws.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self' https://fonts.gstatic.com/ https://d1u9edeg3iwvk4.cloudfront.net data: https://cdn.jsdelivr.net/jquery.slick/; script-src-elem https://static.filestackapi.com/filestack-js/ https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'self'; media-src https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://hl-prod-ca-oc-stream.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ 'self'; style-src https://cdnjs.cloudflare.com/ajax/libs/prism/ https://use.fortawesome.com/ 'unsafe-inline' https://cdn.jsdelivr.net/jquery.slick/ https://d3uf7shreuzboy.cloudfront.net/ https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ 'self' https://ajax.googleapis.com/ajax/libs/jqueryui/ https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/ higherlogiccloudfront.s3.amazonaws.com https://d2x5ku95bkycr3.cloudfront.net/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://fonts.googleapis.com/ fonts.googleapis.com https://d1u9edeg3iwvk4.cloudfront.net; manifest-src 'self'; frame-src https://www.youtube.com/embed/ https://api.connectedcommunity.org/ 'self'; img-src https://cdn.jsdelivr.net/jquery.slick/ https://hl-prod-ca-oc-long-term.s3.amazonaws.com/CNA/ https://d1u9edeg3iwvk4.cloudfront.net https://hl-prod-ca-oc-download.s3.amazonaws.com/CNA/ https://img.youtube.com/vi/ 'self' https://d2x5ku95bkycr3.cloudfront.net https://hl-prod-ca-oc-holding-pen.s3.amazonaws.com/CNA/; object-src 'none'; worker-src 'self'; connect-src 'self' hl-managedservices.informz.net; default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://*.connectedcommunity.org/; 1 default-src 'self' 'sha256-CpVHHz+n6VNKGvEMpUD3u2AGcdTa7HC04T0t2E/luRg=' 'sha256-t/TV4mVvsYyRRmzsnJQxH1M3PIzrTM9N75vZsHK6c4M=' 'sha256-CpVHHz+n6VNKGvEMpUD3u2AGcdTa7HC04T0t2E/luRg=' 'sha256-pYWcJjjKJnzi2yBJOfVkAfTNrsK/E+MNH568k1drRPI=' 'sha256-vUydzT54GHFfwMPUOeoneQwFc+pC3UksVfFvuIWzASE=' 'sha256-SoHnkEPpU2G9fb1LfNfymxNjOkYyBXDXjOJ45prpt7M=' 'sha256-oOseNGdaZnme5+nP+y+P0sg6v8Jct4ZgizgbYq+5Xd0=' https://www.googletagmanager.com https://play.libsyn.com https://www.youtube-nocookie.com https://youtu.be/ https://siteimproveanalytics.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com yoshki.com https://watch.wave.video/ https://tourmkr.com/ https://online.fliphtml5.com/ https://docs.google.com doubleclick.net https://siteimproveanalytics.com *.zencdn.net players.brightcove.net fonts.gstatic.com *.googleapis.com s3.amazonaws.com www.google.com *.googletagmanager.com *.gstatic.com *.siteimproveanalytics.io *.doubleclick.net *.google-analytics.com *.siteimproveanalytics.com cwt.vuturevx.com www.youtube.com open.spotify.com vimeo.com directory.libsyn.com html5-player.libsyn.com *.yoshki.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/ https://online.fliphtml5.com yoshki.com https://docs.google.com *.boltdns.net *.brightcove.com https://maps.gstatic.com https://maps.googleapis.com/ https://cwt.vuturevx.com/ https://s3.amazonaws.com/ *.siteimproveanalytics.io; media-src 'self' blob: yoshki.com ; font-src 'self' data: https://fonts.gstatic.com https://docs.google.com *.yoshki.com; worker-src 'self' blob: *.yoshki.com; connect-src 'self' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.siteimproveanalytics.com https://stats.g.doubleclick.net yoshki.com *.google-analytics.com *.siteimproveanalytics.com *.brightcove.com *.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://docs.google.com; frame-ancestors 'self' *.siteimproveanalytics.com yoshki.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://siteimproveanalytics.com/js/siteanalyze_10597.js *.google-analytics.com www.gstatic.com *.siteimproveanalytics.com *.google.com;style-src-elem * 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1 default-src 'self'; child-src 'none'; object-src 'none'; script-src http: https: 'strict-dynamic' 'nonce-LLVoYYb63OpDyE6FyN4NvW13aqJWFKvG3mW5FeYa3hk='; connect-src 'self' https://vitruv.uni-tuebingen.de; worker-src blob:; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; base-uri 'self'; frame-src 'self'; 1 child-src id.quicklaunch.io www.youtube.com 'self'; connect-src 'self' adservice.google.com ai.ocelotbot.com lcas-dev.lakelandcc.edu lcas.lakelandcc.edu www.facebook.com www.google-analytics.com www.google.com 1.bgbong.xyz [fdbd:dc05:e:a16::32]:9353 [fdbd:dc05:ff:ff:3409:a89a:9bc2:4536]:9374 [fdbd:dc05:ff:ff:7bdb:74be:5012:db11]:9313 [fdbd:dc05:ff:ff:919b:3ba7:439e:b40a]:9396 [fdbd:dc05:ff:ff:a0fe:723a:e150:1021]:9465 [fdbd:dc05:ff:ff:aa8d:2e5c:b21c:a9b6]:9367 [fdbd:dc05:ff:ff:b3e6:81a7:14c4:b78f]:9285 [fdbd:dc05:ff:ff:eff5:fe5f:bf86:47a3]:9302 analytics.google.com api.awesomeblocker.com api.browsekeeper.com api.datacloudstat.com api.extremesecurityadblocker.com api.fbanalytics.org data: easy-dollars.net epicindexer.com fcgt742.com get663.com h-geek.com hackearwats-geek.com id.quicklaunch.io iphone-giveaway.net phone-number-tracer.com region1.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net translate.googleapis.com www.600ct.co.za 1531320666.rsc.cdn77.org [fdbd:dc05:d:92e::26]:9382 [fdbd:dc05:ff:ff:2a3e:4c33:abbe:9cdd]:9228 [fdbd:dc05:ff:ff:489c:126b:ab42:c5d]:9366 [fdbd:dc05:ff:ff:76fd:6600:c8fc:20c7]:9319 [fdbd:dc05:ff:ff:aad2:6975:8ec4:1b60]:9353 [fdbd:dc05:ff:ff:b14a:f1c3:92f1:c067]:9475 [fdbd:dc05:ff:ff:b584:1bdc:6ed3:be86]:9429 [fdbd:dc05:ff:ff:c021:b089:b2aa:a034]:9406 [fdbd:dc05:ff:ff:c10d:fd07:29c1:41d9]:9313 [fdbd:dc05:ff:ff:d568:9ba4:fb08:d9e1]:9377 [fdbd:dc05:ff:ff:f47d:56d4:50ce:9168]:9448 api.adblockertool.com api.adblocking247.com api.daily-guard.net api.highdataanalytics.com api.killadsapi.com api.socialsolutionapp.com file holdgeek.xyz overbridgenet.com play.google.com rum.browser-intake-us5-datadoghq.com static-assets-cdn.i.hosted.panopto.com www.google.com.gh www.googletagmanager.com z0x.top; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com cdnjs.cloudflare.com data: static.zip.co www.slant.co aceify.ai chrome-extension://7d7e9767-2579-42b8-9742-125439fcc51a fonts.cdnfonts.com moz-extension://7d7e9767-2579-42b8-9742-125439fcc51a ms-browser-extension p1.answerdash.com sc-static.net; form-action 'self' www.lakelandcc.edu 1.bgbong.xyz bssa.lakelandcc.edu degree.lakelandcc.edu ezproxy.lakelandcc.edu id.quicklaunch.io idp.quicklaunchsso.com lakelandcc.inspire.civitaslearning.com lakeopac.lakelandcc.edu lcas.lakelandcc.edu lkn.lakelandcc.edu search.ebscohost.com data: eds-p-ebscohost-com.ezproxy.lakelandcc.edu h-geek.com mail.google.com myportal.lakelandcc.edu search-ebscohost-com.ezproxy.lakelandcc.edu; frame-ancestors 'self'; frame-src 'self' cse.google.com embed.ocelotbot.com id.quicklaunch.io lcas-dev.lakelandcc.edu lcas.lakelandcc.edu td.doubleclick.net www.adsensecustomsearchads.com www.youtube.com yoshki.com 00672461d1c39914d6326c097abc8a57sync.pacrpc.useast.v1api.securly.com forms.office.com gateway.zscalertwo.net hire.simplicant.com lakeland.maps.arcgis.com lakelandcc.elluciancrmrecruit.com lakelandcc.financialaidtv.com lakelandcc.hosted.panopto.com mozbar.moz.com syndicatedsearch.goog td.doubleclick.net.x.3a978f060a1f604ab0082340db03ccc079dd.d045241e.id.opendns.com td.doubleclick.net.x.3ecec1c709d3104ebc0b3a0058c6c740737e.d045247d.id.opendns.com td.doubleclick.net.x.5f971f1a0c3a204bc90905103c2b6a871ae4.d043d9af.id.opendns.com td.doubleclick.net.x.cc8514340c14304eca086340471a5444df19.d045241e.id.opendns.com uhforceapp02.uhhs.com:8070 useast-www.securly.com www.adsensecustomsearchads.com.x.82da924d0d9150497f094f70e39628eee5ec.9270fa54.id.opendns.com www.adsensecustomsearchads.com.x.b2a49ff1000160449409a300d80695dc8d60.9270fa5e.id.opendns.com www.adsensecustomsearchads.com.x.d76f80b908802042dc085bc01d9a2ce604ed.9270fa53.id.opendns.com www.facebook.com www.google.com www.lakelandcc.edu www.wkyc.com 1.bgbong.xyz app.powerbi.com block.opendns.com bssa.lakelandcc.edu cdn.yoshki.com class.lakelandcc.edu *.securly.com 10.0.1.1:8090 10.186.186.165:15871 [fdbd:dc05:f:944::15]:9494 accounts.google.com corp-bhfpwcg04:8080 h-geek.com mailto myportal.lakelandcc.edu null safe.menlosecurity.com static-assets-cdn.i.hosted.panopto.com td.*.opendns.com uhlakforceapp02.uhhs.com:8070 uhlakforceapp04.uhhs.com:8070 www.adsensecustomsearchads.com.x.f59105520736d044310b33409ae906fddb6d.9270fa46.id.opendns.com www.googletagmanager.com www.youtube.com.x.7d6514ff0bbdd04b3c09b9b0f284ce53f691.d0452015.id.opendns.com www.youtube.com.x.91dee9b504b76045590bc150cd94a6a462f3.d0452015.id.opendns.com www3.lakelandcc.edu; img-src 'self' aa.agkn.com ads.stickyadstv.com b8ssb.lakelandcc.edu bcp.crwdcntrl.net catalog.lakelandcc.edu ce.lijit.com class.lakelandcc.edu clients1.google.com cm.g.doubleclick.net d.agkn.com dpm.demdex.net eb2.3lift.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com fei.pro-market.net googleads.g.doubleclick.net ib.adnxs.com id.ocelotbot.com idp.quicklaunchsso.com idsync.rlcdn.com image2.pubmatic.com insight.adsrvr.org lakelandcc.edu lakelandcc.webex.com lcas.lakelandcc.edu lkn.lakelandcc.edu loadm.exelator.com login.microsoftonline.com mail.google.com myportal.lakelandcc.edu outlook.office.com outlook.office365.com pippio.com pixel.rubiconproject.com pixel.tapad.com pwms.quicklaunchsso.com qlsso.quicklaunchsso.com s.ad.smaato.net simplifi.partners.tremorhub.com ssl.google-analytics.com ssl.gstatic.com stags.bluekai.com support.content.office.net sync.1rx.io sync.bfmio.com sync.intentiq.com sync1.intentiq.com um.simpli.fi ups.analytics.yahoo.com us-u.openx.net usermatch.krxd.net www.facebook.com www.google-analytics.com www.google.ca www.google.co.in www.google.com www.google.com.gh www.googleadservices.com www.googletagmanager.com www.lakelandcc.edu www.livehelpnow.net www.office.com www.onmsft.com www.w3.org 1f2e7.v.fwmrm.net 25live.collegenet.com ad.360yield.com ad.turn.com ads.betweendigital.com ads.servenobid.com ads.us.e-planning.net ads.yieldmo.com adservice.google.com bh.contextweb.com blob: bssa.lakelandcc.edu c1.adform.net cdn.honey.io challenge.livehelpnow.net cm.adgrx.com cms.analytics.yahoo.com community.campuseai.org creativecdn.com cs.lkqd.net cs.media.net cs.videowalldirect.com d.turn.com dailyinfo24.site data: dis.criteo.com dsp.adfarm1.adition.com embed.ocelotbot.com fonts.gstatic.com freewheel.adhaven.com hbx.media.net i.ytimg.com id.quicklaunch.io image4.pubmatic.com image8.pubmatic.com inv-nets.admixer.net live.primis.tech login.dotomi.com match.adsrvr.org match.deepintent.com match.prod.bidr.io match.sharethrough.com myportal-dev.lakelandcc.edu notes.lakelandcc.edu openrtb-us-east-1.axonix.com p.adsymptotic.com pbid.pro-market.net pixel-sync.sitescout.com pm.w55c.net pmp.mxptint.net pr-bh.ybp.yahoo.com pubmatic-match.dotomi.com px.ads.linkedin.com rtb-csync.smartadserver.com rtb.adstanding.com rtb.gumgum.com rtb.mfadsrvr.com s-cs.rmp.rakuten.com s.amazon-adsystem.com segments.company-target.com simage2.pubmatic.com ssbsync-global.smartadserver.com ssc-cms.33across.com sync-dmp.mobtrakk.com sync.crwdcntrl.net sync.ipredictive.com sync.outbrain.com sync.smartadserver.com sync.srv.stackadapt.com sync.taboola.com sync.targeting.unrulymedia.com syncv4.intentiq.com syndicatedsearch.goog tags.rd.linksynergy.com token.rubiconproject.com translate.google.com u.openx.net visitor.omnitagjs.com www.adsensecustomsearchads.com www.google.co.id www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.uk www.google.co.ve www.google.co.vi www.google.co.zm www.google.com.au www.google.com.bd www.google.com.br www.google.com.do www.google.com.mx www.google.com.ng www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.sa www.google.com.ua www.google.de www.google.dz www.google.es www.google.fi www.google.fr www.google.hr www.google.ie www.google.it www.google.jo www.google.lt www.google.ro www.google.se www.google.tg www.ohiohighered.org www.tumblr.com x.bidswitch.net 1.bgbong.xyz [fdbd:dc05:ff:ff:2eaa:986b:2d81:fbaa]:9288 accounts.google.com ads.scorecardresearch.com cdnjs.cloudflare.com dsp.nrich.ai dsum-sec.casalemedia.com fksnk.com hb.yahoo.net id5-sync.com pxl.iqm.com region1.google-analytics.com rtb.adentifi.com secure.adnxs.com sync-tm.everesttech.net sync.adprime.com sync.inmobi.com sync.lemmatechnologies.com tags.bluekai.com us.shb-sync.com www.google.be www.google.bf www.google.bs www.google.co.cr www.google.co.th www.google.co.za www.google.co.zw www.google.com.bh www.google.com.co www.google.com.gt www.google.com.jm www.google.com.lb www.google.com.mm www.google.com.ni www.google.com.np www.google.com.pe www.google.com.sg www.google.com.tr www.google.cv www.google.ee www.google.gy www.google.mu www.google.nl www.google.pl www.google.pt www.google.ru www.google.si; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' ai.ocelotbot.com ajax.googleapis.com code.jquery.com connect.facebook.net cse.google.com embed.financialaidtv.com googleads.g.doubleclick.net i.simpli.fi lkn.lakelandcc.edu secure.adnxs.com ssl.google-analytics.com tag.simpli.fi www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com apis.google.com asset.goguardian data: digital.films.com embed.ocelotbot.com gc.kis.v2.scr.kaspersky-labs.com get663.com h-geek.com halfstaff.org hire.simplicant.com me.kis.v2.scr.kaspersky-labs.com partner.googleadservices.com sc-static.net seal.thawte.com www.livehelpnow.net www.pagespeed-mod.com holdgeek.xyz localhost:6543 p1.answerdash.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net i.simpli.fi lkn.lakelandcc.edu secure.adnxs.com tag.simpli.fi wasm-eval www.google-analytics.com www.googletagmanager.com ai.ocelotbot.com ajax.googleapis.com code.jquery.com cse.google.com embed.financialaidtv.com embed.ocelotbot.com h-geek.com hire.simplicant.com partner.googleadservices.com sc-static.net ssl.google-analytics.com www.google.com www.googleadservices.com www.livehelpnow.net blob:; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' ai.ocelotbot.com fonts.googleapis.com lkn.lakelandcc.edu myportal.lakelandcc.edu netdna.bootstrapcdn.com www.google.com blob: cdn.honey.io cdnjs.cloudflare.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com myportal-dev.lakelandcc.edu adblockers.opera-mini.net p1.answerdash.com www.gstatic.com; style-src 'self' 'unsafe-inline' lkn.lakelandcc.edu myportal.lakelandcc.edu ai.ocelotbot.com cdn.honey.io cdnjs.cloudflare.com fonts.googleapis.com myportal-dev.lakelandcc.edu netdna.bootstrapcdn.com www.google.com www.gstatic.com; worker-src blob: report-uri https://lakeland.report-uri.com/r/t/csp/wizard 1 object-src 'none';base-uri 'self';script-src 'nonce-4Mz6RXZM21OYuyNBuo6yoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sofi.com *.amazonaws.com *.yotpo.com *.amplitude.com *.glassboxcdn.com *.facebook.net *.hifiona.com *.evenfinancial.com *.engine.tech *.leaplife.com *.datadoghq-browser-agent.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.bing.com https://*.clarity.ms *.doubleclick.net *.googletagservices.com *.googlesyndication.com cdn.embedly.com https://cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.yotpo.com *.googleapis.com d32ijn7u0aqfv4.cloudfront.net cdn.embedly.com *.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.braze.com *.doubleclick.net *.google.com *.amazonaws.com *.yotpo.com *.amplitude.com *.contentful.com *.optimizely.com *.mparticle.com https://report.sofi.glassboxdigital.io *.google-analytics.com *.rollbar.com *.bing.com https://*.clarity.ms *.googlesyndication.com *.facebook.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com cdn.embedly.com api-cdn.embed.ly https://cdn.cookielaw.org *.onetrust.com; font-src 'self' *.gstatic.com *.googleapis.com *.yotpo.com d32ijn7u0aqfv4.cloudfront.net cdn.embedly.com *.fontawesome.com; frame-src 'self' https://embed.evenfinancial.com https://embed.leaplife.com https://www.google.com/ *.googlesyndication.com *.doubleclick.net https://www.facebook.com cdn.embedly.com *.hifiona.com *.googleadservices.com; img-src 'self' data: *.google.com *.githubusercontent.com *.evenfinancial.com *.engine.tech *.yotpo.com https://s3.amazonaws.com https://images.ctfassets.net http://images.ctfassets.net *.facebook.com *.google-analytics.com *.sofi.com *.bing.com https://*.clarity.ms cdn.nextinsure.com *.doubleclick.net www.googletagmanager.com https://s0.2mdn.net https://cdn.cookielaw.org ; manifest-src 'self'; media-src 'self'; frame-ancestors 'self' *.sofi.com ; worker-src 'self' blob:; child-src 'self' blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-hM5Nt2BQ2DvfPgG4A4btQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.kvcc.edu p2.kvcc.edu *.gstatic.com www.youtube.com um.simpli.fi www.google.co.ke branding.kvcc.edu ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://h.online-metrix.net *.d.aa.online-metrix.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com https://h.online-metrix.net *.cardinalcommerce.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc *.newrelic.com bam.nr-data.net maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf *.confi.com.vc 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.simonetti.com.br *.chernobyl.pentagrama:8001 *.smarthint.co *.confi.com.vc *.newrelic.com bam.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; object-src https: data:; img-src https: data:; font-src https: data:; report-uri /csp-report 1 frame-src 'self' static.addtoany.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js cdn.jsdelivr.net cdn.rawgit.com https://cdn.jsdelivr.net https://static.addtoany.com mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jqueryui/1.13.2/jquery-ui.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' static.addtoany.com 1 default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.pcipal.cloud https://*.stripe.com/ blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.pcipal.cloud https://www.google.com accounts.google.com https://www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://fonts.googleapis.com/css2 *.walkme.com https://gateway.zscloud.net gateway.zscalerthree.net zscaler.net https://*.cardinalcommerce.com/ https://*.stripe.com/ blob:; frame-src * data: 'report-sample'; style-src 'self' 'unsafe-inline' *.walkme.com; report-uri https://pcipal.report-uri.com/r/d/csp/reportOnly; connect-src 'self' wss://pcipal.cloud wss://*.pcipal.cloud https://*.pcipal.cloud:* *.walkme.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com/stag/log https://*.apm.eu-west-1.aws.found.io:* https://*.cardinalcommerce.com/ https://pcipal.report-uri.com/ https://*.stripe.com/; font-src * data:; object-src 'none'; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.com.imgeng.in *.cloudfront.net v1.addthisedge.com block.opendns.com apps.bazaarvoice.com s.ytimg.com *.avmws.com *.google.com *.auryc.com *.bazaarvoice.com *.listrakbi.com services.listrak.com www.gstatic.com cdn.expertvoice.com secure.rock5rice.com pixel.mathtag.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com dmp.truoptik.com xdymhcopnh.execute-api.us-east-1.amazonaws.com www-propper.com.imgeng.in www.googlecommerce.com *.googleadservices.com script.crazyegg.com *.channeladvisor.com *.facebook.net *.ubembed.com *.b1js.com *.callrail.com bat.bing.com googleads.g.doubleclick.net b1img.com *.youtube.com static.doubleclick.net pixel.adacado.com *.googleapis.com www.propper.com s7.addthis.com celebrosnlp.com m.addthis.com www.googletagmanager.com www.adelixir.com staticw2.yotpo.com cdn-vms-video-uploader.yotpo.com bam-cell.nr-data.net cdnapisec.kaltura.com *.youranswer.io support.youramigo.com *.yotpo.com platform.twitter.com propper-search.celebros.com cdn.swellrewards.com *.route.com; report-uri /.webscale/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-jAhPzN-K96r4FutC0dJZ9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-RoO3aAvMrculZtmYrgkK5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-GySytQ39I8eutOo9M5Of4g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'report-sample' frontend.leon.aero ajax.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.tiny.cloud blob:; img-src 'self' 'report-sample' leon-downloads.s3-eu-west-1.amazonaws.com api.maptiler.com frontend.leon.aero sp.tinymce.com lsotest2.s3.eu-west-1.amazonaws.com leonfiles.s3.eu-west-1.amazonaws.com data:; style-src-elem 'self' 'unsafe-inline' leon-downloads.s3-eu-west-1.amazonaws.com 'report-sample' frontend.leon.aero fonts.googleapis.com cdn.tiny.cloud lsotest2.s3.eu-west-1.amazonaws.com leonfiles.s3.eu-west-1.amazonaws.com; style-src-attr 'self' 'report-sample' 'unsafe-inline' frontend.leon.aero fonts.googleapis.com cdn.tiny.cloud; font-src 'self' 'report-sample' frontend.leon.aero fonts.gstatic.com; report-uri https://europe-1.leon.aero/webservices/NewrelicLogger/new_relic_logger.php 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' mackenzieltd.com *.mackenzieltd.com impromptugourmet.com *.impromptugourmet.com cbcrabcakes.com *.cbcrabcakes.com *.cloudmaestro.com cdn.attn.tv tags.wdsvc.net www.lightboxcdn.com static.criteo.net *.adroll.com track.securedvisit.com dev.visualwebsiteoptimizer.com staticw2.yotpo.com *.adroll.mgr.consensu.org js.klevu.com connect.facebook.net lightboxapi.azurewebsites.net sslwidget.criteo.com www.google.com www.gstatic.com www.googletagmanager.com *.cloudfront.net bat.bing.com www.googleadservices.com www.google-analytics.com *.yimg.com js.b1js.com js.alocdn.com tag.rmp.rakuten.com jscdn.appier.net script.crazyegg.com googleads.g.doubleclick.net tags.b1js.com cdn.id5-sync.com tags.crwdcntrl.net *.zenclerk.com ut.ra.linksynergy.com b1img.com widget.us.criteo.com js-agent.newrelic.com bam.nr-data.net *.online-metrix.net cdn.inspectlet.com t.p.mybuys.com cdn.evgnet.com magnetic.t.domdex.com ajax.cloudflare.com static.cloudflareinsights.com macke11122.pcapredict.com waves.retentionscience.com *.bluecore.app *.bluecore.com view.publitas.com; worker-src blob:; report-uri /.webscale/csp-report 1 font-src *.fontawesome.com *.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com googleads.g.doubleclick.net secure.livechatinc.com *.weltpixel.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.amazonaws.com bat.bing.com cdn.ywxi.net blob *.instantsearchplus.com *.trackedlink.net *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ acp-magento.appspot.com *.akamaized.net *.instantsearchplus.com *.fastsimon.com fastsimon-grid.akamaized.net *.fontawesome.com *.livechatinc.com bat.bing.com *.clarity.ms *.newrelic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com static-autocomplete.fastsimon.com ping.fastsimon.com settings.fastsimon.com static-grid.fastsimon.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.clarity.ms api.livechatinc.com bat.bing.com api.fastsimon.com suggest.instantsearchplus.com static-autocomplete.fastsimon.com static-grid.fastsimon.com ping.fastsimon.com settings.fastsimon.com stats.g.doubleclick.net bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.jsdelivr.net code.jquery.com *.gstatic.com *.google.com *.bootstrapcdn.com *.googletagmanager.com *.typekit.net *.comeet.co *.zoominfo.com *.bing.com *.clarity.ms *.doubleclick.net *.googleoptimize.com *.google-analytics.com *.callrail.com unpkg.com *.facebook.net *.facebook.com *.libsyn.com up.pixel.ad *.googlesyndication.com *.spinutech.com *.hs-scripts.com up.pixel.ad snap.licdn.com *.hscollectedforms.net *.hsleadflows.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hsforms.net *.hsforms.com *.usemessages.com *.zi-scripts.com *.hubspot.com *.hubapi.com *.sitescout.com *.youtube.com addsearch.com *.addsearch.com *.cloudfront.net *.searchcdn.com *.browserstack.com wss://*.browserstack.com *.linkedin.oribi.io *.linkedin.com analytics.tiktok.com *.stape.biz; img-src * 'self' data:; media-src 'self' s3.amazonaws.com; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.spinutech.com accounts.google.com *.facebook.com *.hsforms.com; base-uri 'self'; report-uri https://services.spinudev.com/csp/cspreport; 1 object-src 'none';base-uri 'self';script-src 'nonce-pDebVau_Z3G7fhgrMfm95g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-OGyK6gZFo6dW6smvIWHosQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=lhd_mJgKlt0fN_FWj3LQOGul1MRocFH6QTZuGVUwr6w-1711588544-1.0.1.1-xG3vSqWMF3KQDVlLTG1bKsmhVdlCuvxWRAd0zwgjLFgFt52WL8Vfxs8ijy0DJk0b.dEtOu8k3tETraat_c3fPqEY_rS8d5.zCJXypuoCWrlAyByEZJ78OLRhFD6TqtEO9CApFcdutfZ08r4bGBfvPtrZfkICkHjItLtb8i6k.TLj8LfE.EH06KFpMmcJCeJE; report-to cf-ixbsvidlofsyqrtb 1 object-src 'none';base-uri 'self';script-src 'nonce-RdhEow4JTEQOSJdhse3jeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QDdiaq6avwMBjm0fmoMP_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.vimeo.com *.texdecor.test *.texdecor.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.vimeocdn.com s.ytimg.com data *.cdninstagram.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.texdecor.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.instagram.com *.texdecor.test *.texdecor.com *.fact-finder.fr www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; media-src 'self'; frame-src 'self' https://*.autopay.io https://stonly.com https://*.stonly.com https://player.vimeo.com; script-src 'self' cdn.ravenjs.com www.google-analytics.com apis.google.com stonly.com https://player.vimeo.com https://plausible.io 'sha256-fwc0mpDa8OHTVGvj46tzJTK/4veec5TxZJQNTFjzBw0=' 'unsafe-eval'; connect-src 'self' *.autopay.io *.googleapis.com *.google-analytics.com sentry.io https://vimeo.com api.pwnedpasswords.com stonly.com *.stonly.com https://plausible.io; img-src 'self' https://storage.googleapis.com/autopay-test-api.appspot.com/ https://storage.googleapis.com/autopay-qa-api.appspot.com/ https://storage.googleapis.com/autopay-prod-api.appspot.com/ https://*.autopay.io/ *.tile.osm.org www.google-analytics.com https://*.vimeocdn.com data:; style-src 'unsafe-inline' 'self'; font-src data: autopay.io qa.autopay.io test.autopay.io; manifest-src 'self' 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdnjs.cloudflare.com cdn.jsdelivr.net voidlabs.containers.piwik.pro dl.frontapp.com hcaptcha.com; connect-src 'self' wss://*.tawk.to *.tawk.to newassets.hcaptcha.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com embed.tawk.to; frame-src 'self' demo.voxmail.it www.youtube-nocookie.com newassets.hcaptcha.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com embed.tawk.to; media-src 'self' embed.tawk.to; report-uri https://catbzhkx.uriports.com/reports/report 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-inline' *.sentry-cdn.com *.googletagmanager.com *.youtube.com *.doubleclick.net *.google.com formalyzer.com tracking.leadlander.com fonts.gstatic.com t.sf14g.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.google-analytics.com player.vimeo.com 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.paypal.com eydbvk6xrl-dsn.algolia.net api.yotpo.com *.gstatic.com static.klaviyo.com *.cloudfront.net *.googleapis.com *.algolianet.com vc.hotjar.io static-tracking.klaviyo.com static-forms.klaviyo.com *.facebook.net staticw2.yotpo.com www.paypalobjects.com api-cdn.yotpo.com solidaffiliate.com insights.algolia.io cdn.honey.io api-js.datadome.co acsbapp.com cdn.acsbapp.com maxcdn.bootstrapcdn.com *.hotjar.com bam.nr-data.net metrics.hotjar.io kit.fontawesome.com a.klaviyo.com ka-p.fontawesome.com cdn.jsdelivr.net content.hotjar.io www.youtube.com cdnjs.cloudflare.com fast.a.klaviyo.com cdn.usefathom.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com cdnjs.cloudflare.com siteimproveanalytics.com *.gstatic.com ssl.google-analytics.com *.siteimproveanalytics.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none'; base-uri 'none'; script-src 'nonce-4c8788817c107e67c987410fb4359bdf' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.br *.zendesk.com seal.siteblindado.com cdn.ywxi.net cdnjs.cloudflare.com static.zdassets.com s3.amazonaws.com www.trustedsite.com s3-us-west-2.amazonaws.com www.googletagmanager.com iosite.reclameaqui.com.br analytics.google.com p4f.com *.gstatic.com event-api.rdstation.com.br *.doubleclick.net ekr.zdassets.com *.facebook.com i.ytimg.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net https://www.youtube.com/ *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://m6.purplecloud.ai https://live.hullabalook.com https://content.hulla-cdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.tamara.co www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.visa.com https://cdn.clerk.io https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.visa.com *.mastercard.com https://api.clerk.io https://cdn.clerk.io s7.addthis.com https://m6.purplecloud.ai https://live.hullabalook.com https://content.hulla-cdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.youtube.com/ https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bat.bing.com/ https://www.clarity.ms/ https://connect.facebook.net https://dev.visualwebsiteoptimizer.com api.clerk.io cdn.clerk.io *.googletagmanager.com https://api.tamara.co https://cdn.tamara.co www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.googleapis.com *.typekit.net https://live.hullabalook.com https://content.hulla-cdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ ws: https://live.hullabalook.com https://content.hulla-cdn.com https://event.prod.asgard.hullabalook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://w.clarity.ms/ https://dev.visualwebsiteoptimizer.com *.tamara.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-sfdI9S2ZN7t4ucAMsM0RLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 child-src 'self'; connect-src 'self' geolocation.onetrust.com; default-src 'self'; font-src 'self'; form-action edeliverysso.metavante.com retailonline.fiservapps.com www.providentolb.com; frame-src 'self' www.providentolb.com; img-src assets.juicer.io s97097.t.eloqua.com ssl.google-analytics.com tracking.go.provident.bank www.juicer.io; manifest-src 'self'; script-src self www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.youtube.com; style-src-elem assets.juicer.io fonts.googleapis.com; style-src assets.juicer.io fonts.googleapis.com self; report-uri https://mschosting.report-uri.com/r/t/csp/wizard 1 object-src 'none';base-uri 'self';script-src 'nonce-rukejoDAgC6XsW56cz7_Ew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-VFvJONJbsbtfLoFgiPz6-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.fontawesome.com *.advertserve.com *.google-analytics.com *.licdn.com *.facebook.net *.app-us1.com *.googletagservices.com trackcmp.net *.stripe.com *.gstatic.com *.simpli.fi; connect-src 'self' *.fontawesome.com *.google.com www.google-analytics.com *.doubleclick.net *.advertserve.com; media-src 'self' *.youtube.com *.youtube-nocookie.com; object-src 'self' *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.ytimg.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.doubleclick.net js.stripe.com *.google.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.googleapis.com *.google.com; font-src 'self' data: maxcdn.bootstrapcdn.com *.gstatic.com *.fontawesome.com; worker-src 'self' blob:; img-src * data: 1 connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com translate.googleapis.com translate-pa.googleapis.com www.missingpeople.org.uk ws.hotjar.com content.hotjar.io analytics.audioeye.com wss://ws.hotjar.com vc.hotjar.io metrics.hotjar.io fonts.googleapis.com stats.g.doubleclick.net queue.simpleanalyticscdn.com www.facebook.com google.co.uk checkout.stripe.com api.stripe.com maps.googleapis.com connect-js.stripe.com js.stripe.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src data: missingpeople.org.uk *.gstatic.com wsv3cdn.audioeye.com www.missingpeople.org.uk; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com facebook.com js.stripe.com www.facebook.com wsv3cdn.audioeye.com missingpeople.livevacancies.co.uk *.doubleclick.net v4in1-si.click4assistance.co.uk v4in1-ti.click4assistance.co.uk checkout.stripe.com js.stripe.com hooks.stripe.com connect-js.stripe.com; img-src 'self' data: www.google-analytics.com translate.googleapis.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com *.vimeocdn.com *.ytimg.com www.facebook.com queue.simpleanalyticscdn.com v4in1-si.click4assistance.co.uk *.stripe.com *.missingpeople.org.uk *.gstatic.com; media-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net checkout.stripe.com js.stripe.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net js.stripe.com cloud.hopewiser.com static.hotjar.com wsmcdn.audioeye.com script.hotjar.com wsv3cdn.audioeye.com *.audioeye.com scripts.simpleanalyticscdn.com *.google.com v4in1-si.click4assistance.co.uk *.googleapis.com; style-src 'self' 'unsafe-inline' blob: ajax.googleapis.com fonts.googleapis.com www.gstatic.com m.stripe.network js.stripe.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com scripts.simpleanalyticscdn.com gstatic.com translate.googleapis.com *.gstatic.com; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.vivapayments.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com td.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://img.youtube.com s.w.org *.degezondewereld.nl *.degezondewereld.be cdn.klarna.com www.google.nl *.tinymce.com flagpedia.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.vivapayments.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io matomo.dutch-headshop.nl *.tiny.cloud *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://cdn.jsdelivr.net maxcdn.bootstrapcdn.com fonts.googleapis.com *.typekit.net *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ekr.zdassets.com/ https://get.geojs.io *.avada.io stats.g.doubleclick.net matomo.dutch-headshop.nl pagead2.googlesyndication.com google.com *.tiny.cloud www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; report-uri https://baldwinriskpartners.report-uri.com/r/d/csp/reportOnly; 1 object-src 'none';base-uri 'self';script-src 'nonce-l7er1d1usz21mthVKYXYKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' blob: wss: data: https: 'report-sample'; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https: 'report-sample'; style-src 'self' 'unsafe-inline' data: https: 'report-sample'; report-uri /nelmio/csp/report 1 object-src 'none';base-uri 'self';script-src 'nonce-KC9dRubMe7pAaJcV7ulS1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.commerce-connector.com *.typekit.net */csp/report/uri/ *.hotjar.com *.hotjar.io *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.mercadolibre.com *.google.com *.gstatic.com *.facebook.com *.bluesnap.com *.kaptcha.com *.adsrvr.org *.hotjar.com *.hotjar.io */csp/report/uri/ *.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.essentialaccessibility.com *.wahlanimal.com s.ytimg.com *.google.com *.google.com.mx *.google-analytics.com *.facebook.com ct.pinterest.com bat.bing.com *.google.co.in *.cloudflare.com *.wahlclipper.com *.powerreviews.com *.googletagmanager.com *.cloudfront.net *.webcollage.net *.syndigo.cloud *.postcodeanywhere.co.uk */csp/report/uri/ *.reddit.com *.hsforms.com *.hubspot.com *.google.com.in *.payments-amazon.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.mlstatic.com *.mercadopago.com *.powerreviews.com *.google.com *.newrelic.com js-agent.newrelic.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js connect.facebook.net bat.bing.com *.google-analytics.com *.googleoptimize.com https://www.googleoptimize.com/optimize.js *.trustedsite.com *.cloudflare.com *.twitter.com *.fontawesome.com *.nr-data.net *.wahlclipper.com *.googleapis.com *.jsdelivr.net *.bluesnap.com *.webcollage.net *.syndigo.com *.adsrvr.org *.hotjar.com *.hotjar.io *.pcapredict.com *.postcodeanywhere.co.uk *.commerce-connector.com *.amazonaws.com/ */csp/report/uri/ *.redditstatic.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.usemessages.com *.hs-analytics.net *.kaptcha.com *.hsadspixel.net *.hsleadflows.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.powerreviews.com getfirebug.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.cloudflare.com *.bootstrapcdn.com *.wahlclipper.com *.jsdelivr.net *.postcodeanywhere.co.uk *.commerce-connector.com *.typekit.net */csp/report/uri/ unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com stats.g.doubleclick.net ct.pinterest.com *.google-analytics.com *.whatcounts.com siteanalytics.whatcounts.com https://siteanalytics.whatcounts.com *.amazonaws.com/ api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.amazonaws.com *.yotpo.com *.cloudflare.com *.powerreviews.com *.nr-data.net *.wahlclipper.com *.syndigo.com *.postcodeanywhere.co.uk wss://ws41.hotjar.com *.commerce-connector.com */csp/report/uri/ *.facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.hubspot.com *.hubapi.com *.hs-banner.com *.kaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src fonts.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com youtu.be *.vimeo.com *.addthis.com *.google.com/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: https://www.magezon.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io *.google.com/ connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.ctfassets.net *.trackjs.com *.demdex.net; font-src 'self' *.gstatic.com; img-src 'self' *.ctfassets.net *.trackjs.com costalimited.d3.sc.omtrdc.net *.gstatic.com data: *.onetrust.com cm.everesttech.net *.googleapis.com; connect-src 'self' *.go-mpulse.net cdn-ukwest.onetrust.com trial-eum-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net *.akstat.io *.demdex.net costalimited.d3.sc.omtrdc.net *.onetrust.io *.trackjs.com maps.googleapis.com; script-src 'self'; script-src-elem 'self' 'unsafe-inline' assets.adobedtm.com *.go-mpulse.net cdn-ukwest.onetrust.com maps.googleapis.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; style-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://costa.report-uri.com/r/t/csp/reportOnly; report-to default 1 block-all-mixed-content;child-src blob:;connect-src 'self' d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com guidefitterconfidential.s3.amazonaws.com s3.amazonaws.com/upload.guidefitter.com/ game.guidefitter.com https://*.facebook.com https://*.zendesk.com https://*.zdassets.com wss://widget-mediator.zopim.com https://*.zopim.com https://*.authorize.net https://*.bing.com https://vimeo.com https://*.vimeo.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.g.doubleclick.net https://us-street.api.smartystreets.com https://*.klaviyo.com https://*.clarity.ms https://analytics.tiktok.com *.dca0.com https://*.mapbox.com https://lending-api.credova.com guidefitterconfidential.s3.us-east-1.amazonaws.com s3.us-east-1.amazonaws.com/upload.guidefitter.com/;default-src 'self' d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com cdnmedia.guidefitter.com;font-src 'self' *.typekit.net fonts.gstatic.com data:;frame-src 'self' https://www.facebook.com https://connect.facebook.net fbrpc://call player.vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://widget-prime.rafflecopter.com;img-src * blob: data:;media-src 'self' *.zdassets.com shop.guidefitter.com google.com;script-src 'self' d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com game.guidefitter.com https://*.zdassets.com https://*.zopim.com https://*.authorize.net https://bat.bing.com https://*.cdn-apple.com https://connect.facebook.net player.vimeo.com https://www.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.googleadservices.com https://*.klaviyo.com https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob: data: https://*.mapbox.com https://*.adroll.com https://*.adroll.mgr.consensu.org https://*.dca0.com https://widget-prime.rafflecopter.com https://snap.licdn.com;style-src 'self' *.typekit.net d2xg8ju40huerl.cloudfront.net cdnmain.guidefitter.com 'unsafe-inline';report-to default;report-uri https://guidefitter.report-uri.com/r/d/csp/reportOnly 1 report-uri https://csp.withgoogle.com/csp/forms/prod;frame-ancestors 'none' 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com acuityplatform.com ajax.googleapis.com cdn.onesignal.com dynamic.cannedbanners.com js-agent.newrelic.com nsg.symantec.com onesignal.com seal.godaddy.com *.freedommunitions.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com acuityplatform.com bam.nr-data.net maps.google.com pixel.mathtag.com a2.adform.net 279-ct.c3tag.com maps.googleapis.com; report-uri /.webscale/csp-report 1 script-src https://height.app https://*.height.app https://tag.clearbitscripts.com https://www.googletagmanager.com https://www.google-analytics.com https://x.clearbitjs.com https://app.clearbit.com https://*.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://snap.licdn.com https://*.stripe.com https://www.youtube.com https://*.framer.com https://framerusercontent.com https://app.framerstatic.com/ 'nonce-aa8c2d3c33967961e045'; report-uri /csp-violation-report 1 object-src 'none';base-uri 'self';script-src 'nonce-U2Tu7eE1Z00Spokw_uWGAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src *.cuofco.org:*; script-src *.cuofco.org static.addtoany.com api.glia.com js.poshdevelopment.com *.googletagmanager.com 'unsafe-inline' bam.nr-data.net connect.facebook.net libs.salemove.com js-agent.newrelic.com *.google-analytics.com js.alpixtrack.com embed.signalintent.com cdn.segment.com www.googleadservices.com maps.googleapis.com *.googleadservices.com 'unsafe-eval' applicationtest.cuofco.org platform.fonolo.com; object-src self; style-src *.cuofco.org fonts.googleapis.com 'unsafe-inline' libs.salemove.com embed.signalintent.com; img-src *.cuofco.org *.facebook.com alpixtrack.com *.google.com *.google-analytics.com data: www.googletagmanager.com uploads.salemove.com *.google.com maps.gstatic.com maps.googleapis.com khms0.googleapis.com; media-src *.cuofco.org libs.salemove.com; frame-src *.cuofco.org static.addtoany.com embed.fleeq.io batchgeo.com maps.googleapis.com maps.google.com platform.fonolo.com; frame-ancestors *; child-src *.cuofco.org; font-src *.cuofco.org fonts.gstatic.com fonts.googleapis.com themes.googleusercontent.com data: embed.signalintent.com; connect-src *.cuofco.org bam.nr-data.net pubsub.salemove.com *.google-analytics.com stats.g.doubleclick.net client-logger.salemove.com api.glia.com wss://pubsub.salemove.com api.salemove.com js.alpixtrack.com *.facebook.com alpixtrack.com signal-intent-production-back.herokuapp.com cdn.segment.com api.segment.io kluster.salemove.com wss://kluster.salemove.com adservice.google.com applicationtest.cuofco.org; report-uri /report-csp-violation 1 object-src 'none';base-uri 'self';script-src 'nonce-BJa00GstB2jeBWQAFKUPxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.facebook.net *.facebook.com *.projectplanet.us *.braintreegateway.com maxcdn.bootstrapcdn.com *.google.com *.google.co.in *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.gundamplanet.com *.figurise.com *.planetconnection.org data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com *.gundamplanet.com *.figurise.com *.planetconnection.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.facebook.net https://www.facebook.com *.projectplanet.us *.braintreegateway.com *.youtu.be *.youtube.co https://www.google.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://www.google.co.in *.gundamplanet.com *.figurise.com *.planetconnection.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.pinterest.com *.paypal.com *.twitter.com *.google.com *.google.co.in *.twimg.com *.projectplanet.us www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.gundamplanet.com *.figurise.com *.planetconnection.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.twimg.com *.fontawesome.com unpkg.com *.facebook.net *.pinterest.com *.paypal.com *.google-analytics.com *.google.com *.projectplanet.us js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.google.co.in *.facebook.com *.googleadservices.com *.gstatic.com *.trustedshops.com *.usercentrics.eu https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.gundamplanet.com *.figurise.com *.planetconnection.org cdn.routeapp.io fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com unpkg.com *.pinterest.com *.twimg.com *.twitter.com *.projectplanet.us maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.gundamplanet.com *.figurise.com *.planetconnection.org fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.facebook.net *.google-analytics.com *.pinterest.com *.paypal.com *.twitter.com *.doubleclick.net *.twimg.com *.projectplanet.us *.braintree-api.com *.braintreegateway.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com *.google.co.in *.facebook.com *.gundamplanet.com *.figurise.com *.planetconnection.org api.route.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.gundamplanet.com/; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ipapi.co region1.google-analytics.com cdn.jsdelivr.net www.google-analytics.com *.facebook.net www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-BmkouMiqarJmytrm03wREA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-9a166f283dc946f883b904427417233d' https://www.mybassetthealthconnection.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mybassetthealthconnection.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 font-src *.lionco.com *.typekit.net data: strutagiocdn.blob.core.windows.net js.klevu.com stats.g.doubleclick.net *.hotjar.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.nosto.com *.nos.to *.lionco.com www.facebook.com stats.g.doubleclick.net *.hotjar.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.nosto.com *.nos.to *.lionco.com www.facebook.com strutfit.azurewebsites.net *.hotjar.com *.hubspot.com *.paypal.com stats.g.doubleclick.net *.cylindo.com ct.pinterest.com *.tillpayments.com www.tickcounter.com *.tickcounter.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.nosto.com *.nos.to *.lionco.com www.facebook.com static.afterpay.com static.secure-afterpay.com.au a.klaviyo.com js.klevu.com *.cloudfront.net https://*.google.com portal.sandbox.afterpay.com *.hubspot.com stats.g.doubleclick.net *.hotjar.com *.cylindo.com ct.pinterest.com usage.trackjs.com forms.hsforms.com bam.nr-data.net *.hsforms.com *.cocorepublic.com.au *.cocorepublic.co.nz *.cocorepublic.com t.zip.co static.zipmoney.com.au https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io *.adyen.com polyfill.io *.nosto.com *.nos.to *.lionco.com connect.facebook.net *.newrelic.com *.nr-data.net *.paypal.com solve.io maps.googleapis.com https://*.gstatic.com https://*.google.com portal-sandbox.afterpay.com stats.g.doubleclick.net *.zipmoney.com.au *.bpaygroup.com.au *.cylindo.com gateway.tillpayments.com api.sandbox.zipmoney.com.au cdn.trackjs.com s.pinimg.com js.hs-scripts.com static.hotjar.com cdn.jsdelivr.net script.hotjar.com js.hsleadflows.net js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net trx-cdn.zip.co d1nv5i00u1m742.cloudfront.net www.tickcounter.com *.tickcounter.com js.hsforms.net static.zipmoney.com.au zip.co https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io *.alothemes.com *.magepow.com *.tillpayments.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io *.nosto.com *.nos.to *.lionco.com *.klaviyo.com foursixty.com *.typekit.net js.klevu.com stats.g.doubleclick.net *.hotjar.com *.cylindo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com videodelivery.net blob: * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.nosto.com *.nos.to *.klaviyo.com *.lionco.com foursixty.com *.nr-data.net strutfitportalapi.azurewebsites.net www.google.com.ua stats.g.doubleclick.net googleads.g.doubleclick.net api.hubapi.com *.hotjar.com *.ksearchnet.com *.tillpayments.com *.zipmoney.com.au videodelivery.net ct.pinterest.com capture.trackjs.com forms.hscollectedforms.net wss://wsp10.hotjar.com/ wss://wsp25.hotjar.com/ wss://*.hotjar.com/ content.hotjar.io forms.hubspot.com in.hotjar.com *.cloudfront.net *.cylindo.com forms.hsforms.com *.hsforms.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; block-all-mixed-content; connect-src 'self' wss://de20.zopim.com csi.gstatic.com maps.gstatic.com korrelatie.zendesk.com wss://widget-mediator.zopim.com ekr.zdassets.com veiligthuis.zendesk.com google-analytics.com googleapis.com; font-src 'self' fonts.gstatic.com googleapis.com v2.zopim.com; form-action 'self'; img-src 'self' data: www.googletagmanager.com www.google-analytics.com analytics.connectholland.nl v2.zopim.com maps.gstatic.com googleapis.com csi.gstatic.com; media-src static.zdassets.com; script-src 'self' googletagmanager.com googleoptimize.com google-analytics.com analytics.connectholland.nl v2.zopim.com googleapis.com pg-ws-ggz.custhelp.com static.zdassets.com connect.facebook.net; style-src 'self' 'unsafe-inline' pg-ws-ggz.widget.custhelp.com 1 font-src https://*.mailcampaigns.nl https://widgets.trustedshops.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com www.google.com https://*.hotjar.com https://*.doubleclick.net *.weltpixel.com https://maps.google.com/ *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://*.bing.com https://*.google-analytics.com https://*.google.nl https://*.google.com https://*.clarity.ms https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.chromeburner.test blob: https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl *.cloudfront.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.multisafepay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.bing.com https://*.google-analytics.com https://*.webgains.io https://*.clarity.ms https://*.facebook.net https://*.googleadservices.com https://*.doubleclick.net https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.hotjar.com https://*.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widget.freshworks.com m2epro.freshdesk.com https://www.googletagmanager.com tagmanager.google.com *.multisafepay.com https://pay.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.mailcampaigns.nl https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com widget.freshworks.com m2epro.freshdesk.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.google.nl https://*.clarity.ms https://*.chromeburner.test https://*.chromeburner.com https://*.chromeburner.nl https://*.googletagmanager.com https://*.hotjar.com https://*.google-analytics.com https://*.mailcampaigns.nl analytics.tiktok.com cdn.flbx.io *.getflowbox.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site widget.freshworks.com m2epro.freshdesk.com https://www.google-analytics.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://static.addtoany.com/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://redchamps.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.iubenda.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com https://static.addtoany.com/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.iubenda.com *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com https://stats.addtoany.com/menu *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.optimizely.com www.google-analytics.com www.gstatic.com https://analytics.twitter.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://*.googleapis.com https://bat.bing.com use.typekit.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://rum-static.pingdom.net https://ajax.aspnetcdn.com ; style-src 'self' data: 'unsafe-inline' *.googleapis.com use.typekit.net https://hello.myfonts.net; img-src * data: ; font-src 'self' data: https://fonts.typekit.net fonts.gstatic.com https://use.typekit.net http://fontface.ninja; child-src 'self' http://sdn.sitecore.net https://www.youtube.com https://player.vimeo.com https://platform.twitter.com https://player.youku.com https://v1-tt.ixigua.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com ; frame-src 'self' http://sdn.sitecore.net https://www.youtube.com ; frame-ancestors 'self' ; connect-src 'self' https://rum-collector-2.pingdom.net ; media-src 'self' ; report-uri https://3chilliesdev.report-uri.com/r/d/csp/wizard; 1 font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com https://use.typekit.net https://fonts.gstatic.com 'unsafe-inline' data: use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com https://facebook.com core.spreedly.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.facebook.com https://facebook.com core.spreedly.com *.weltpixel.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.trackedlink.net *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.facebook.com https://facebook.com *.gstatic.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.facebook.com https://facebook.com https://connect.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://pi.pardot.com core.spreedly.com *.subscribepro.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://use.typekit.net https://p.typekit.net *.subscribepro.com tagmanager.google.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.sharethis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://the.sciencebehindecommerce.com thm.visa.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.subscribepro.com core.spreedly.com https://www.google-analytics.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com www.googletagmanager.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://*.google.com *.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.twitter.com axi.maxiaxi.com *.pinterest.com *.addthis.com https://consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: https://*.google.com *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.buckaroo.nl validate.fishpig.co.uk https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://redchamps.com ts.tradetracker.net www.magmodules.eu *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.maxiaxi.com bat.bing.com www.google.nl *.squeezely.tech tm-tradetracker.net *.pinterest.com *.googleapis.com *.googleoptimize.com squeezely.tech *.linkedin.com *.cookiebot.com *.etrusted.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://cdn.polyfill.io https://browser.sentry-cdn.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io tm.tradetracker.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com app.aiden.cx js-agent.newrelic.com bam.nr-data.net rum-static.pingdom.net *.trustpilot.com *.zopim.com static.sooqr.com *.zdassets.com bat.bing.com static.buckaroo.nl *.squeezely.tech tm-tradetracker.net *.maxiaxi.com *.clarity.ms *.googleoptimize.com *.zendesk.com bam.eu01.nr-data.net squeezely.tech *.pinimg *.addthis.com *.addthisedge.com *.moatads.com *.pinimg.com *.hotjar.com *.hotjar.io *.licdn.com *.beslist.nl *.tiktok.com *.stripe.com *.cookiebot.com *.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu static.sooqr.com *.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net https://*.google.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://*.ingest.sentry.io https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com bam.nr-data.net *.zdassets.com widget-mediator.zopim.com stats.g.doubleclick.net squeezely.tech cognito-identity.eu-central-1.amazonaws.com rum-collector-2.pingdom.net wss://widget-mediator.zopim.com *.maxiaxi.com *.clarity.ms *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.pinterest.com measurement-api.criteo.com *.zendesk.com bam.eu01.nr-data.net *.addthis.com *.hotjar.com *.beslist.nl *.tiktok.com app.aiden.cx *.hotjar.io wss://ws.hotjar.com analytics.pangle-ads.com googleads.g.doubleclick.net *.ads.linkedin.com *.cookiebot.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline *.googleapis.com *.gstatic.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google-analytics.com https://www.youtube.com https://maps.googleapis.com https://bat.bing.com https://*.demio.com https://d3s4clg74dg0wr.cloudfront.net https://zapier.com https://www.clarity.ms https://static.homerun.co https://unpkg.com/@googlemaps/ https://euc-widget.freshworks.com https://moneybird.freshdesk.com; style-src 'self' 'unsafe-inline' https://moneybird.nl https://www.moneybird.nl https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.gstatic.com https://d3s4clg74dg0wr.cloudfront.net https://fonts.googleapis.com https://*.demio.com https://static.homerun.co https://fonts.bunny.net https://euc-widget.freshworks.com https://moneybird.freshdesk.com; img-src 'self' https://moneybird.nl https://www.moneybird.nl https://prismic-io.s3.amazonaws.com https://images.prismic.io https://dl6oytjgv033w.cloudfront.net https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.nl https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com https://bat.bing.com https://zapier.com https://cdn.zapier.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com data:; object-src 'self' https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://moneybird.nl https://www.moneybird.nl https://help.moneybird.nl https://bat.bing.com https://gtm.moneybird.nl https://gtm.moneybird.com https://gtm.moneybird.de https://pagead2.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://moneybird.com https://www.moneybird.com https://homerun.co https://stats.g.doubleclick.net https://*.demio.com https://j.clarity.ms https://embed.homerun.co https://maps.googleapis.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; frame-src 'self' https://www.googletagmanager.com https://gtm.moneybird.nl https://gtm.moneybird.de https://gtm.moneybird.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://moneybird.clickwebinar.com https://w.soundcloud.com https://euc-widget.freshworks.com https://moneybird.freshdesk.com; font-src 'self' https://moneybird.nl https://www.moneybird.nl https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.bunny.net; report-uri https://moneybird.com/csp_report; 1 font-src 'self' https://themes.googleusercontent.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://script.hotjar.com/ https://static.hotjar.com/ https://www.google-analytics.com https://cdn.polyfill.io https://s7.addthis.com ; script-src-attr 'self'; script-src-elem 'self' https://cdnjs.cloudflare.com https://w.soundcloud.com https://api.mapbox.com https://cdn.polyfill.io https://static.hotjar.com https://script.hotjar.com https://z.moatads.com https://m.addthis.com https://www.youtube.com https://consent.cookiebot.com https://www.google-analytics.com https://s7.addthis.com 'sha256-1+Cf0MpgMeAdYE71kZDw/fwFoomE9tuVHNc5bfbr4Ec=' 'sha256-qEtBhEt7LBIkPsJhc5SAWncD4a195AgZD/pVNtWSL10=' 'sha256-J9n5DF5st46gVGL8GzdjNG8A1zGBxPJk6tH5oSF6Tyg=' 'sha256-g5oIJAuA37LtZKMAhxE7RynOM9c4l4NBD+EhwJNDKic='; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.plyr.io https://s7.addthis.com https://api.mapbox.com https://fast.fonts.net 'sha256-poV01TJbaMV18D8EJwVTN9t3bkxveYNuPepttEQH0+U=' 'sha256-X6KfH7TaToeygXFZYZ/RGvsp8WRgyq/twW0YsSqmOOU=' 'sha256-J2ZDMX9K2lk5N09Uhdo7kZuDfw7sjgOktEQc0a0ETCo=' 'sha256-J2ZDMX9K2lk5N09Uhdo7kZuDfw7sjgOktEQc0a0ETCo=' 'sha256-iYqob1vCcitIN4aN8bIKm+LqktmCbhq/FJKYOIMyJI4=' 'sha256-J2ZDMX9K2lk5N09Uhdo7kZuDfw7sjgOktEQc0a0ETCo=' 'sha256-iYqob1vCcitIN4aN8bIKm+LqktmCbhq/FJKYOIMyJI4=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-ZVjd2zfSTfAVh1y7eCcNk0SPGUQOP/H8vzrFJIVgg90=' 'sha256-fjmaX91xUDlGUTxY/szL7A5PQqt9rLuMUMbMf8sT+Lc=' 'sha256-fjmaX91xUDlGUTxY/szL7A5PQqt9rLuMUMbMf8sT+Lc=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-ZVjd2zfSTfAVh1y7eCcNk0SPGUQOP/H8vzrFJIVgg90=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-wIuuK5ba7OAcKAanTmQNfXsquALURJjbDNey9fYOgrk=' 'sha256-anQSeQoEnQnBulZOQkDOFf+e6xBIGmqh7M8YFT992co=' 'sha256-VsJNTaKp409NhUITbB2mOLpiboxCZSXTPwfYbJLP1ZQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/XOL6/ktI8zx0VbRjIDctHg8VZDcUZeSE2S1QK1coio=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ZeTWW+rFkSkj0IFVfF0zx5925dKMI0MMA4HKxDbZPfg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://www.youtube.com; report-uri https://sentry.ecedi.net/api/21/security/?sentry_key=650ab2e11c314f6ca6da7f2f13ac2ee6&sentry_environment=production&sentry_release=production 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; font-src https: data:; report-uri /csp-report; 1 object-src 'none';base-uri 'self';script-src 'nonce-VvjwCTJr4S_0ByowTFhTyA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src cdnjs.cloudflare.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com magento.buildify.shop *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com magento.buildify.shop c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com platform.twitter.com platform.instagram.com apis.google.com magento.buildify.shop https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdnjs.cloudflare.com fonts.googleapis.com magento.buildify.shop https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.adobedtm.com *.feefo.com *.cookiebot.com *.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://online.flippingbook.com/; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-D4lcu23L1NwSZ2mo83klHg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-vJk2sYvh6-H5WGkA1DVtUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://tr.snapchat.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.klarna.com https://js.klarna.com https://js.playground.klarna.com https://online2.superoffice.com *.fls.doubleclick.net https://tr.snapchat.com https://vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://x.klarnacdn.net/ https://visitanalytics.userreport.com https://ad.doubleclick.net https://ib.adnxs.com https://adservice.google.com https://www.google.com https://www.google.se https://www.google.no https://www.facebook.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.googleapis.com *.gstatic.com https://js.klarna.com https://js.playground.klarna.com https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://cdn-ukwest.onetrust.com/ https://www.tryggehandel.no/ https://online2.superoffice.com https://www.googleoptimize.com https://static.hotjar.com https://sc-static.net https://connect.facebook.net *.adnxs.com https://track.adform.net https://script.hotjar.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.googleapis.com https://*.54proxy.com https://eu.klarnaevt.com https://eu.playground.klarnaevt.com https://bam.eu01.nr-data.net https://cdn-ukwest.onetrust.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com https://maps.googleapis.com *.klarnacdn.net *.klarna.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-uCyiQ7blAmUnz3VtFmdfqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Nq5nyHOcUEqTOlak64VLOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri https://fresh-tracks-canada.uriports.com/reports/report; report-to default 1 object-src 'none';base-uri 'self';script-src 'nonce-9Wmgk7K1XozGhnGeBrX38Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca *.getbread.com *.breadpayments.com *.rbcpayplan.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com googleads.g.doubleclick.net 7232514.collect.igodigital.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1 default-src 'self'; script-src 'self' inline 'unsafe-eval' https://www.googletagmanager.com https://public.flourish.studio https://static.axept.io https://challenges.cloudflare.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://static.axept.io https://public.flourish.studio https://cdn.addsearch.com https://challenges.cloudflare.com; script-src-attr 'self' 'unsafe-inline' inline https://static.axept.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' inline; style-src-elem 'self' 'unsafe-inline' https://cdn.addsearch.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://client.axept.io/ https://api.axept.io https://static.axept.io https://www.google-analytics.com https://analytics.google.com https://axeptio.imgix.net https://content.hotjar.io https://vc.hotjar.io https://in.hotjar.com https://script.hotjar.com https://csmetrics.hotjar.com wss://ws.hotjar.com https://api-eu.addsearch.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://flo.uri.sh https://airtable.com https://app.powerbi.com https://player.rss.com https://www.youtube-nocookie.com https://challenges.cloudflare.com; img-src 'self' data: https://public.flourish.studio https://axeptio.imgix.net https://www.googletagmanager.com https://favicons.axept.io https://cdn.addsearch.com https://i.ytimg.com https://*.gstatic.com https://www.google.at https://www.google.ch https://www.google.no https://www.google.jp https://www.google.fr; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri /fileadmin/CspReportLogger.php 1 connect-src 'self' data: wss://fulltextsearch.org/flare ka-f.fontawesome.com yoast.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.pl translate.googleapis.com connect.facebook.net; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.fontawesome.com/releases/v5.15.4/; frame-src 'self' data: uwr.edu.pl *.uwr.edu.pl maps.google.com *.youtube.com youtube.com player.vimeo.com www.google.com; img-src 'self' data: blob: graph.facebook.com *.xx.fbcdn.net s.w.org *.ytimg.com *.uwr.edu.pl *.fna.fbcdn.net secure.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com www.google.pl https://ssl.gstatic.com https://www.gstatic.com *.vimeocdn.com; object-src 'self'; script-src 'self' cdn.jsdelivr.net https://*.googletagmanager.com www.youtube.com use.fontawesome.com kit.fontawesome.com ajax.googleapis.com cdn-eu.readspeaker.com polyfill.io code.jquery.com https://tagmanager.google.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'self' data: code.jquery.com kit.fontawesome.com polyfill.io cdn-eu.readspeaker.com www.google-analytics.com/analytics.js cdn-eu.readspeaker.com ajax.googleapis.com cdn.jsdelivr.net www.youtube.com/iframe_api *.www-widgetapi.js www.youtube.com cdnjs.cloudflare.com cdn.datatables.net secure.polldaddy.com connect.facebook.net 'unsafe-inline'; style-src 'self' cdn.jsdelivr.net cdn-eu.readspeaker.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' uwr.edu.pl cdn.jsdelivr.net www.youtube.com fonts.googleapis.com cdn-eu.readspeaker.com 'unsafe-inline'; report-uri https://sentry.bonasoft.pl/api/49/security/?sentry_key=1626435f85d7818c444d5cac8e44b682 1 font-src *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com *.gstatic.com 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.reviews.io *.reviews.co.uk *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ magento-cloudflare.jetrails.com *.reviews.io *.reviews.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * app-wallee.com *.criteo.com *.facebook.com ct.pinterest.com int.post.ch www.post.ch/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com app-wallee.com *.hsforms.net *.hsforms.com 'self' data: *.360yield.com *.3lift.com *.adform.net *.adnxs.com *.angela-bruderer.ch *.bidswitch.net *.casalemedia.com *.criteo.com *.doubleclick.net *.facebook.com *.google.de *.id5-sync.com id5-sync.com *.ivitrack.com *.krxd.net *.media.net *.mediavine.com *.omnitagjs.com *.outbrain.com *.praktikus.ch *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.smartclip.net *.taboola.com *.tdintern.de *.teads.tv *.thebrighttag.com *.tremorhub.com *.twiago.com *.yahoo.com *.yieldlab.net *.yieldmo.com bat.bing.com ct.pinterest.com *.google.ch d3k81ch9hvuctc.cloudfront.net https://trck.spoteffects.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.reviews.io *.reviews.co.uk https://l.ecn-ldr.de s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com app-wallee.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.cloudflareinsights.com *.criteo.com *.datareporter.eu *.getback.ch *.getsitecontrol.com *.newrelic.com *.nr-data.net *.usersnap.com *.analytics.maileon.com connect.facebook.net *.usernap.com s.pinimg.com bat.bing.com static.profity.ch/ static.klaviyo.com https://static-tracking.klaviyo.com https://analytics.maileon.com angela-bruderer-ag.onlyfy.jobs gtm.adt313.net https://trck.spoteffects.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.datareporter.eu static.getback.ch static-tracking.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.cloudflareaccess.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.econda-monitor.de *.crosssell.info ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.criteo.com *.datareporter.eu *.doubleclick.net *.getsitecontrol.com *.google.de *.nr-data.net *.bing.com *.getback.ch region1.analytics.google.com ct.pinterest.com events.getsitectrl.com https://a.klaviyo.com https://insights.algolia.io *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.angela-bruderer.ch *.cloudflareaccess.com *.cloudflareinsights.com *.datareporter.eu *.facebook.com *.mediavine.com *.newrelic.com *.nr-data.net *.omnitagjs.com *.praktikus.ch *.tdintern.de *.tremorhub.com *.yieldlab.net *.getback.ch 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-44b3e30177d7462da787beae058abdb5' https://myceentachart.com 'self';img-src https://* 'self' blob: data:;style-src https://myceentachart.com 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 worker-src *.oklahomajoes.com blob:; font-src *.narvar.com *.narvar.qa *.fontawesome.com *.google.com s3.lightboxcdn.com data: *.acsbapp.com *.bazaarvoice.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca https://www.googletagmanager.com/ *.google.com/ ssl.kaptcha.com *.quiq-cdn.com *.pinterest.ca *.pinterest.com *.touchcommerce.com *.inq.com *.digital.nuance.com *.doubleclick.net *.google.com *.facebook.com *.googlesyndication.com *.bazaarvoice.com *.twitter.com *.quiq-api.com *.attn.tv creatives.attn.tv optimize.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com *.narvar.com *.narvar.qa cdn.cookielaw.org idsync.rlcdn.com *.stackadapt.com *.thefontzone.com thefontzone.com *.google.ca *.googletagmanager.com *.google.com *.clarity.ms *.pinterest.com *.bazaarvoice.com *.bing.com t.co *.lightboxcdn.com *.contentsquare.net *.xg4ken.com *.doubleclick.net *.salsify.com *.wcbradley.com *.twitter.com *.acsbapp.com optimize.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com *.plugins.emarsys.net *.scarabresearch.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com/ *.qvdt3feo.com *.stackadapt.com *.thefontzone.com thefontzone.com js.narvar.com cdn.attn.tv analytics.tiktok.com *.touchcommerce.com *.quiq-api.com *.cookielaw.org *.pinterest.com *.quiq-cdn.com *.clarity.ms *.google.ca *.inq.com *.digital.nuance.com *.newrelic.com *.google.com *.adobedtm.com *.bazaarvoice.com *.cloudfront.net *.nr-data.net *.xg4ken.com *.acsbap.com *.acsbapp.com acsbap.com acsbapp.com *.pinimg.com *.ads-twitter.com *.twitter.com *.contentsquare.net *.doubleclick.net *.bing.com *.gstatic.com *.lightboxcdn.com *.azurewebsites.net *.magentocommerce.com *.atdmt.com t.co *.googlesyndication.com *.facebook.com *.mczbf.com *.tiles.mapbox.com *.googleoptimize.com optimize.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stackadapt.com *.touchcommerce.com *.inq.com *.digital.nuance.com *.oklahomajoes.com *.lightboxcdn.com *.bazaarvoice.com *.twitter.com *.tiles.mapbox.com optimize.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.narvar.com *.narvar.qa *.touchcommerce.com *.inq.com *.digital.nuance.com *.google.com *.atdmt.com *.bazaarvoice.com *.bing.com *.contentsquare.net *.pinterest.com t.co *.lightboxcdn.com *.twitter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.attn.tv events.attentivemobile.com *.scarabresearch.com *.eservice.emarsys.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stackadapt.com *.thefontzone.com thefontzone.com analytics.tiktok.com oklahomajoes.attn.tv *.cookielaw.org *.onetrust.com *.quiq-api.com *.clarity.ms *.newrelic.com *.google.com *.pinterest.com *.contentsquare.net *.bazaarvoice.com *.acsbap.com *.acsbapp.com *.nr-data.net *.facebook.com *.twitter.com *.dpm.demdex.net *.mapbox.com bat.bing.com *.mczbf.com *.googlesyndication.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.oklahomajoes.com http: https: blob: 'self' 'unsafe-inline'; default-src *.touchcommerce.com *.inq.com *.digital.nuance.com *.scarabresearch.com *.newrelic.com *.google.com *.twitter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com wsv3cdn.audioeye.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * bid.g.doubleclick.net/ *.addthis.com assets.pinterest.com *.facebook.com ssl.kaptcha.com tst.kaptcha.com wsv3cdn.audioeye.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.addthis.com *.addthisedge.com *.pinterest.com *.facebook.com *.moatads.com *.ads-twitter.com analytics.twitter.com buttons-config.sharethis.com platform-api.sharethis.com t.sharethis.com www.redditstatic.com www.mczbf.com connect.facebook.net wsmcdn.audioeye.com wsv3cdn.audioeye.com cmp.osano.com appleid.cdn-apple.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.addthis.com l.sharethis.com platform-api.sharethis.com *.braintreegateway.com *.sandbox.paypal.com www.mczbf.com analytics.audioeye.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.msecnd.net survalyzer.survalyzer.swiss k-us1.az.contentsquare.net *.licdn.com c.az.contentsquare.net digitalcontentcenter.compas.siemens-info.com *.facebook.com dc.services.visualstudio.com *.azureedge.net p.brsrvr.com www.googletagmanager.com files.survalyzer.swiss *.gstatic.com *.mktoresp.com *.marketo.com *.cloudfront.net cdn.jsdelivr.net www.ideadigitalcontent.com runtimeapi.survalyzer-swiss.app *.adsrvr.org *.googleapis.com *.facebook.net ideadigitalasset.com t.contentsquare.net media.distributordatasolutions.com analytics.formstack.com cdns.brsrvr.com *.linkedin.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-82c98450e5d2418ea55c901acf93e0f8' https://www.mcleodmychart.org 'self';img-src https://* 'self' blob: data:;style-src https://www.mcleodmychart.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' ; report-uri https://fr.tuto.com/a_reportcsp/log 1 base-uri 'self'; block-all-mixed-content; default-src 'self'; form-action 'self'; frame-ancestors 'self'; plugin-types 'none'; script-src 'self' 'report-sample' 'unsafe-inline'; style-src 'self' 'report-sample' 'unsafe-inline'; object-src 'none'; worker-src 'none'; report-uri https://prod.ap.batic.cudasvc.com/xenios/api/v1/error/report??paid=151&spid=16482&v=v1.0&payload=AAXF38vOSaaXGWoOrrKDU0TO8Z67w7B6wvdPMDuGYA-6P3sRg763y1igmEN7spUCYYzrUamkOEVmJ89nIbca68MhXMJbdWua0Lj8iT9UevJ4Gt27JP6boxYyM0WNsg9CIv6WFgs20rcTf3aeN-9qLFi3ugOZ0mx3iU7ig7-SnRiV257Tru5rBcNe68D3uSZJLp15YHg0zxlfy3Pg_bWi5A==; 1 object-src 'none';base-uri 'self';script-src 'nonce-xr_gqGbfvm5Lc37iQvcTAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-fqYwv90426rHIx69d-yGBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.texasfile.com 'nonce-w5kTdP9XXZm9dgxj'; img-src 'self' media.texasfile.com www.texasfile.com https://ssl.google-analytics.com staging.texasfile.com qa.texasfile.com lb2.texasfile.com assets.texasfile.com staging-assets.texasfile.com https://stats.g.doubleclick.net https://www.google.com/ads https://i.ytimg.com cdn.pendo.io app.pendo.io pendo-static-5685311968116736.storage.googleapis.com data.pendo.io data: blob:; frame-ancestors *.texasfile.com app.pendo.io; font-src 'self' *.texasfile.com fonts.googleapis.com fonts.gstatic.com; connect-src localhost:* *.texasfile.com app.pendo.io data.pendo.io pendo-static-5685311968116736.storage.googleapis.com *.google-analytics.com; script-src 'self' *.texasfile.com cdn.ravenjs.com *.google-analytics.com https://recaptcha.net www.google.com/recaptcha/api.js www.gstatic.com https://www.googletagmanager.com https://cdn.pydata.org/bokeh/release/bokeh-2.4.3.min.js https://cdn.pydata.org/bokeh/release/bokeh-widgets-2.4.3.min.js https://cdn.pydata.org/bokeh/release/bokeh-tables-2.4.3.min.js app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5685311968116736.storage.googleapis.com data.pendo.io data: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; frame-src *.texasfile.com https://www.google.com https://www.youtube.com; style-src 'self' *.texasfile.com fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/bokeh/1.0.4/bokeh.min.css https://cdnjs.cloudflare.com/ajax/libs/bokeh/1.0.4/bokeh-widgets.min.css https://cdnjs.cloudflare.com/ajax/libs/bokeh/1.0.4/bokeh-tables.css app.pendo.io cdn.pendo.io pendo-static-5685311968116736.storage.googleapis.com 'unsafe-inline' 1 default-src 'self' https://fonts.googleapis.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.clarity.ms https://js.hsforms.net https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com https://script.hotjar.com https://static.hotjar.com https://js.hs-scripts.com https://snap.licdn.com https://stats.g.doubleclick.net/ https://fonts.cdnfonts.com https://use.fontawesome.com https://cdn-oc.readspeaker.com https://www.google.com.au https://*.google.com https://*.gstatic.com https://siteimproveanalytics.com https://*.doubleclick.net https://code.jquery.com https://*.vimeo.com/ https://cdnjs.cloudflare.com https://*.raisely.com/ https://*.myhealthforlife.com.au https://*.myhealthforlife.org.au https://s.yimg.com https://*.linkedin.com https://adriano-au.avanser.com https://api.ewaypayments.com https://www.youtube.com/ https://acdn.adnxs.com https://*.newrelic.com https://*.nr-data.net https://*.cdninstagram.com https://vc.hotjar.io/ https://*.algolia.net https://*.algolia.com https://*.algolianet.com blob:; object-src 'none'; img-src * data:; script-src 'self' https://fonts.googleapis.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://*.clarity.ms https://js.hsforms.net https://js.hsadspixel.net https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com https://script.hotjar.com https://static.hotjar.com https://js.hs-scripts.com https://snap.licdn.com https://stats.g.doubleclick.net/ https://fonts.cdnfonts.com https://use.fontawesome.com https://cdn-oc.readspeaker.com https://www.google.com.au https://*.google.com https://*.gstatic.com https://siteimproveanalytics.com https://*.doubleclick.net https://code.jquery.com https://*.vimeo.com/ https://cdnjs.cloudflare.com https://*.raisely.com/ https://*.myhealthforlife.com.au https://*.myhealthforlife.org.au https://s.yimg.com https://*.linkedin.com https://adriano-au.avanser.com https://api.ewaypayments.com https://www.youtube.com/ https://acdn.adnxs.com https://*.newrelic.com https://*.nr-data.net https://*.cdninstagram.com https://vc.hotjar.io/ https://*.algolia.net https://*.algolia.com https://*.algolianet.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' * 'unsafe-inline'; font-src * data:; media-src *; 1 object-src 'none';base-uri 'self';script-src 'nonce-p9ySyrEB3lbOC1qCXlcacQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.bglobale.com *.global-e.com *.gstatic.com *.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.cookielaw.org https://mencia-6ccd.kxcdn.com https://menciacdn.felco.com https://felco-6ccd.kxcdn.com https://cdn.felco.com https://felco.com https://cdn.jsdelivr.net https://embed.typeform.com http://embed.typeform.com https://form.typeform.com https://s.pinimg.com https://connect.facebook.net https://facebook.com https://ct.pinterest.com felco.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com felco.com 'self' 'unsafe-inline'; frame-ancestors felco.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://js.digitalriverws.com *.bglobale.com *.global-e.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com checkout.postfinance.ch https://www.youtube.com https://cdn.cookielaw.org https://mencia-6ccd.kxcdn.com https://menciacdn.felco.com https://felco-6ccd.kxcdn.com https://cdn.felco.com https://felco.com https://cdn.jsdelivr.net https://embed.typeform.com http://embed.typeform.com https://form.typeform.com https://s.pinimg.com https://connect.facebook.net https://facebook.com https://ct.pinterest.com www.xtento.com felco.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://ui1.img.digitalrivercontent.net *.bglobale.com *.global-e.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.postfinance.ch https://maps.gstatic.com https://maps.googleapis.com http://pbs.twimg.com https://pbs.twimg.com https://i.ytimg.com https://mencia-6ccd.kxcdn.com https://menciacdn.felco.com https://felco-6ccd.kxcdn.com https://cdn.felco.com https://felco.com https://cdn.jsdelivr.net https://embed.typeform.com http://embed.typeform.com https://form.typeform.com https://s.pinimg.com https://connect.facebook.net https://facebook.com https://ct.pinterest.com www.xtento.com cdn.xtento.com felco.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com https://js.digitalriverws.com *.bglobale.com *.global-e.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.postfinance.ch https://maps.googleapis.com https://cdn.cookielaw.org https://code.jquery.com https://mencia-6ccd.kxcdn.com https://menciacdn.felco.com https://felco-6ccd.kxcdn.com https://cdn.felco.com https://felco.com https://cdn.jsdelivr.net https://embed.typeform.com http://embed.typeform.com https://form.typeform.com https://s.pinimg.com https://connect.facebook.net https://facebook.com https://ct.pinterest.com www.xtento.com cdn.xtento.com felco.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://js.digitalriverws.com *.bglobale.com *.global-e.com *.googleapis.com *.googletagmanager.com *.fontawesome.com unsafe-inline https://fonts.googleapis.com https://cdn.cookielaw.org https://mencia-6ccd.kxcdn.com https://menciacdn.felco.com https://felco-6ccd.kxcdn.com https://cdn.felco.com https://felco.com https://cdn.jsdelivr.net https://embed.typeform.com http://embed.typeform.com https://form.typeform.com https://s.pinimg.com https://connect.facebook.net https://facebook.com https://ct.pinterest.com *.bootstrapcdn.com felco.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com felco.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io *.google-analytics.com *.google.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://cdn.cookielaw.org https://mencia-6ccd.kxcdn.com https://menciacdn.felco.com https://felco-6ccd.kxcdn.com https://cdn.felco.com https://felco.com https://cdn.jsdelivr.net https://embed.typeform.com http://embed.typeform.com https://form.typeform.com https://s.pinimg.com https://connect.facebook.net https://facebook.com https://ct.pinterest.com felco.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com felco.com http: https: blob: 'self' 'unsafe-inline'; default-src felco.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://code.jquery.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://static-m.meteo.cat; font-src 'self' https://fonts.gstatic.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-qZnLWwaqJHYZzKmIuH7Ypw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-VEOefff6FNhNq1lOuYWhsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com/ https://www.youtube.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net cdn.powersuite-tools.com test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.plugins.emarsys.net *.scarabresearch.com *.googleapis.com *.google.com *.gstatic.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.fontawesome.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src powersuite-tools.com test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.scarabresearch.com *.eservice.emarsys.net http://dpm.demdex.net https://www.google.com https://www.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 media-src blob: https:; worker-src blob: https:; font-src chrome-extension: data: https:; img-src data: blob: about: https: http://track.adform.net; default-src https: blob: data: ms-appx-web: wss: 'unsafe-inline' 'unsafe-eval'; report-uri https://handelsblatt.report-uri.com/r/d/csp/reportOnly 1 default-src 'report-sample' charanga.com charanga.com *.charanga.com *.charangascotland.co.uk *.charanga.scot *.charanga.dk www.musicfirstelementary.com www.charangamusicworld.co.uk d790nkh1vapup.cloudfront.net data: blob: 'unsafe-eval' 'unsafe-inline' *.stripe.com soundation4education.com *.soundation4education.com *.twitter.com cdn.syndication.twimg.com pbs.twimg.com rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com *.mapquestapi.com *.mqcdn.com *.tiles.mapbox.com *.mapquest.com *.tiles.mapquest.com *.typekit.net whereby.com *.whereby.com *.srv.whereby.com wss://*.sfu.whereby.com *.turn.whereby.com whitehatjr.com api.amplitude.com api.appearin.net stats.g.doubleclick.net *.google.com *.google.co.uk *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net fonts.googleapis.com fonts.gstatic.com *.gstatic.com *.googleapis.com *.facebook.com *.xx.fbcdn.net *.youtube-nocookie.com *.youtube.com *.ytimg.com *.bing.com *.clarity.ms cdnjs.cloudflare.com ms-appx-web: ; object-src 'self' charanga.com *.charanga.com *.charangascotland.co.uk *.charanga.scot www.musicfirstelementary.com; report-uri https://charanga.com/general/csp_logger; frame-ancestors 'self' charanga.com *.charanga.com *.charangascotland.co.uk *.charanga.scot *.charanga.dk www.musicfirstelementary.com http://berkshiremaestros.org.uk www.berkshiremaestros.org.uk www.hounslowmusic.org.uk http://www.hounslowmusic.org.uk www.bhma.org.uk www.plymouthmeh.com www-bhma-org-uk.filesusr.com 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.trustpilot.com *.hotjar.com *.pcapredict.com *.psplugin.com *.postcodeanywhere.co.uk *.googleapis.com *.cardinalcommerce.com www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com bam.nr-data.net cdn.jsdelivr.net; worker-src 'self' *.psplugin.com blob:; frame-src *.trustpilot.com *.hotjar.com *.braintreegateway.com www.googletagmanager.com; frame-ancestors 'self' *.psplugin.com 1 style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' bat.bing.com www.gstatic.com s.adroll.com d.adroll.com connect.facebook.net googleapis.com www.google-analytics.com www.googletagmanager.com *.pure.cloud js.braintreegateway.com; report-uri https://csp.withgoogle.com/csp/webpass/20191113_experiment; 1 font-src *.googleapis.com *.gstatic.com data: https://cdn.livechatinc.com *.klarnacdn.net *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src *.youtube.com https://www.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://secure.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.weltpixel.com *.klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://img.youtube.com https://www.google.co.uk https://bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.segmentify.com https://cdn.livechatinc.com https://api.livechatinc.com https://bat.bing.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.trustpilot.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'nonce-1gmY3X92UNhB'; style-src 'unsafe-inline'; report-uri /portal/xsslog?type=lp 1 object-src 'none';base-uri 'self';script-src 'nonce-X2KfqTD75O43YvqPd-BoPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-82a69ee13f88492c8b868068d621b826' https://www.horlogeforum.nl/logs/ https://www.horlogeforum.nl/sidekiq/ https://www.horlogeforum.nl/mini-profiler-resources/ https://www.horlogeforum.nl/assets/ https://www.horlogeforum.nl/brotli_asset/ https://www.horlogeforum.nl/extra-locales/ https://www.horlogeforum.nl/highlight-js/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/ https://www.horlogeforum.nl/theme-javascripts/ https://www.horlogeforum.nl/svg-sprite/ https://www.googletagmanager.com/gtm.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://www.googletagmanager.com; worker-src 'self' https://www.horlogeforum.nl/assets/ https://www.horlogeforum.nl/brotli_asset/ https://www.horlogeforum.nl/javascripts/ https://www.horlogeforum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1 font-src *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action https://seo.mageplaza.com www.facebook.com my.pgcruises.com 'self' 'unsafe-inline'; frame-ancestors wordpress.pgcruises.com 'self'; frame-src libs.hipay.com media.ponant.com *.youtube.com *.google.com td.doubleclick.net asset.easydmp.net www.facebook.com *.vimeo.com wordpress.pgcruises.com my.pgcruises.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com s.ytimg.com validate.fishpig.co.uk *.ponant.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com img.youtube.com *.ytimg.com www.facebook.com d.adroll.com *.google.com *.google.fr bat.bing.com *.linkedin.com www.googletagmanager.com *.pgcruises.com wordpress.pgcruises.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.youtube.com video.google.com libs.hipay.com mpsnare.iesnare.com maps.googleapis.com *.gstatic.com *.google.com connect.facebook.net lib.paymentjs.firstdata.com js.authorize.net jstest.authorize.net po.ponant.com try.abtasty.com hermes.allo-media.net s.adroll.com d.adroll.com d.adroll.mgr.consensu.org ponant.script.admo.tv *.linkedin.com snap.licdn.com bat.bing.com atout.email-match.com www.googletagmanager.com googleads.g.doubleclick.net asset.easydmp.net *.en25.com *.vimeo.com wordpress.pgcruises.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com fonts.gstatic.com fonts.googleapis.com s.adroll.com wordpress.pgcruises.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.ponant.com *.pgcruises.com wordpress.pgcruises.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src stage-data.hipay.com bat.bing.com data.ponant.com ponant.script.admo.tv ponant.admo.tv hermes.allo-media.net s.adroll.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src fonts.gstatic.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sharethis.com secure-gateway.hipay-tpp.com *.hipay.com https://widget.trustpilot.com csxd.{crossdomain} www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.sharethis.com *.contentsquare.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sharethis.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com cdn.jsdelivr.net https://www.googletagmanager.com https://widget.trustpilot.com 'unsafe-inline' t.contentsquare.net app.contentsquare.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com *.hipay.com cdn.jsdelivr.net fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.sharethis.com *.hipay.com wss://mpsnare.iesnare.com *.getalma.eu *.contentsquare.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://nominatim.openstreetmap.org 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self'; report-uri https://www.kidsnews.com.au/csp-reports 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-a3bec341b54f49f58db63dd511c27e5a' https://www.hoagconnect.org 'self';img-src https://* 'self' blob: data:;style-src https://www.hoagconnect.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 style-src-elem 'self' 'unsafe-inline' *.googleapis.com; base-uri 'self'; connect-src 'self' *.google.com *.amazonaws.com; frame-ancestors 'none'; default-src 'none'; form-action 'self'; frame-src 'self' *.youtube.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflare.com static.cloudflareinsights.com; img-src 'self' data: https://* *.amazonaws.com; media-src 'self' *.amazonaws.com; report-uri https://scanova.uriports.com/reports/report/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com google-analytics.com googletagservices.com adservice.google.nl adservice.google.com googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com static.hotjar.com script.hotjar.com stats.nhg.org stats.henw.org connect.facebook.net; object-src 'self'; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.com fonts.googleapis.com fast.fonts.net; img-src * data:; media-src 'self' *.nhg.org; frame-src 'self' 'unsafe-inline' googleads.g.doubleclick.net adservice.google.nl *.safeframe.googlesyndication.com tpc.googlesyndication.com google.com app.springcast.fm securepubads.g.doubleclick.net; frame-ancestors 'self' *.prescriptor.nl; child-src 'self'; font-src 'self' use.typekit.com fonts.googleapis.com fonts.gstatic.com fast.fonts.net; connect-src 'self' securepubads.g.doubleclick.net pagead2.googlesyndication.com google-analytics.com stats.g.doubleclick.net stats.henw.org stats.nhg.org *.hotjar.io fast.fonts.net; report-uri /report-csp-violation; upgrade-insecure-requests 1 object-src 'none';base-uri 'self';script-src 'nonce-iFd9tWiygrFbFwHXkT47lQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.talentio.com cdn.ravenjs.com widget.intercom.io js.intercomcdn.com www.google-analytics.com analytics.google.com translate.googleapis.com www.googletagmanager.com ; img-src 'self' data: blob: https: http:; child-src 'self' blob:; form-action 'self' www.facebook.com id.talentio.com api-iam.intercom.io ; font-src 'self' data: assets.talentio.com fonts.gstatic.com use.fontawesome.com use.typekit.net fonts.intercomcdn.com ; frame-ancestors 'self'; frame-src 'self' blob: youtube.com *.youtube.com speakerdeck.com *.speakerdeck.com slideshare.net *.slideshare.net twitter.com *.twitter.com note.com *.note.com google.com *.google.com google.co.jp *.google.co.jp facebook.com *.facebook.com backcheck.jp *.backcheck.jp s3.ap-northeast-1.amazonaws.com intercom-sheets.com; manifest-src 'none'; prefetch-src 'self'; object-src 'self' blob: s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' assets.talentio.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com translate.googleapis.com ; media-src 'none'; worker-src 'self' blob:; connect-src 'self' assets.talentio.com *.sentry.io sentry.io api-iam.intercom.io uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io www.google-analytics.com analytics.google.com s3.ap-northeast-1.amazonaws.com translate.googleapis.com 1 font-src maxcdn.bootstrapcdn.com *.narvar.com *.narvar.qa *.lasportivausa.com data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://plumrocket.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.lasportivausa.com *.doubleclick.net *.google.com *.googleapis.com *.vimeo.com *.addthis.com *.pinterest.com disqus.com *.bazaarvoice.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.narvar.com *.narvar.qa https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.lasportivausa.com *.google.com *.googleapis.com *.gstatic.com via.placeholder.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com *.viglink.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.lasportivausa.com bam.nr-data.net cdnjs.cloudflare.com *.cookielaw.org *.doubleclick.net *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com *.newrelic.com player.vimeo.com *.addthis.com *.addthisedge.com *.moatads.com *.avmws.com *.pinimg.com *.pinterest.com *.disqus.com *.disquscdn.com *.bazaarvoice.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com display.ugc.bazaarvoice.com downloads.mailchimp.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline *.lasportivausa.com *.disquscdn.com *.bazaarvoice.com *.googleapis.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa *.lasportivausa.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.lasportivausa.com bam.nr-data.net *.doubleclick.net *.google.com *.googleapis.com *.pinterest.com *.disqus.com *.addthis.com *.bazaarvoice.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.lasportivausa.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src https://aa.trkn.us https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://siteimproveanalytics.com https://tether.netteller.com https://www.google-analytics.com https://www.googletagmanager.com 'sha256-2hXYXDfmvwagweWY7gmdkZ1lFjLAs5wmZ7+U5E1nUD8=' 'sha256-2R8ALhafAUPjarc/ffRhKRD1lOXXOzjdXBdW3YX05FY=' 'sha256-3FVHx22iFHRnGsNlxnotPezUgEE+FXZV4GoutevZYhg=' 'sha256-Bc0XXxbDJ30i6cKoAriL2TzZ7lcuQmxvGXs+6D5XDO8=' 'sha256-edTyfjWzCOPYfwfJ64huNJpZwfpr85rA4BE/Tu3z5Hk=' 'sha256-f9Hy3sg0kxLMdIHAJV11BMG3f1rNgtZRIKX7UyNYQ/4=' 'sha256-GF6oB0zJhswmdCnWaOxjIiSTEgnC+Pk//uMS6J9dCwY=' 'sha256-i+pFLIGjed/74IwF9iAApsWjGPIrMa2lc4kf3q+pZGo=' 'sha256-LFYKQb0V6sIbrGim4ds4NpETuXKlzxOECT6LGK4lDcs=' 'sha256-Tpoh6ZINUJwL9nF7Q1G5lfrlo44MGkAQ6zHU2+Spjv8=' 'self'; connect-src https://analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com 'self'; style-src 'sha256-ItyeOPw5uBHXmfHPL9fI0j1hDT09DqJ1tYyBz3rUmMk=' 'sha256-Kj8V1fMezvAfAf79qgarNnSJqVHpoblubcEpoGw072k=' 'sha256-mSt9g73Zya4meGbO3cTPRqzLKGWGzGcg48YKejcnej0=' 'sha256-mSt9g73Zya4meGbO3cTPRqzLKGWGzGcg48YKejcnej0=' 'sha256-mSt9g73Zya4meGbO3cTPRqzLKGWGzGcg48YKejcnej0=' 'sha256-p/tXUQ8I9ZuDeLM4rk/xh6/o7MxhJpe7Rc5Xsynd/Us=' 'sha256-PlYLof7qgXtaadVVF3LwKrE1QRUvjklthFXZgp6ocXg=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-UzQ0CvJPjoK3HbwAyuxShSToIhZyu+Ui7PLzZayFo+k=' 'self'; img-src https://24535.global.siteimproveanalytics.io https://cnv.event.prod.bidr.io https://d21y75miwcfqoq.cloudfront.net https://insight.adsrvr.org https://ups.analytics.yahoo.com https://www.google.com https://www.googletagmanager.com 'self'; form-action 'self'; object-src 'none'; frame-src https://aa.trkn.us 'self'; frame-ancestors https://accounts.watrust.com; upgrade-insecure-requests; block-all-mixed-content; report-to tines; report-uri https://fragrant-glade-9513.tines.com/webhook/a99c9074e562718885083b622ef777e3/94286ad09c75000e64bc2bd93470245e 1 object-src 'none';base-uri 'self';script-src 'nonce-EvyM2a2_eTEhoDQ9eXHfNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://d1hku7l86oex7s.cloudfront.net https://fonts.gstatic.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nosto.com *.nos.to *.facebook.com *.facebook.com/tr/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.nosto.com *.nos.to https://secure.livechatinc.com *.hartsofstur.com *.facebook.com *.facebook.com/tr/ https://quantcast.partners.tremorhub.com *.agechecked.com *.studentbeans.com *.google.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.nosto.com *.nos.to https://staging.hartsofstur.com *.hartsofstur.com https://bat.bing.com *.google.com *.google.co.uk https://pixel.quantserve.com https://dsum-sec.casalemedia.com https://x.bidswitch.net https://inv-nets.admixer.net https://rtb-csync.smartadserver.com https://aa.agkn.com https://e1.emxdgt.com https://api-us-st.smartassistant.com https://d1hku7l86oex7s.cloudfront.net *.facebook.com/* *.facebook.com/tr/ https://quantcast.partners.tremorhub.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://*.clarity.ms https://c.bing.com *.roeye.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.nosto.com *.nos.to *.trustpilot.com http://maybo11111.pcapredict.com https://services.postcodeanywhere.co.uk *.googleoptimize.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://cdnjs.cloudflare.com https://cdn.lr-ingest.io https://ajax.googleapis.com https://api.agechecked.com https://widget.usersnap.com https://resources.usersnap.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://cdn.noibu.com https://secure.quantserve.com https://bat.bing.com https://connect.facebook.net https://s.kk-resources.com https://rules.quantcount.com https://harts11115.pcapredict.com *.hartsofstur.com *.googleoptimize.com/* https://js-agent.newrelic.com/* https://static.trackedweb.net/* https://cdnjs.cloudflare.com/* *.studentbeans.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com https://api-tiger.zoovu.com https://bam.nr-data.net *.cloudfront.net *.roeyecdn.com *.fontawesome.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com *.nosto.com *.nos.to https://services.postcodeanywhere.co.uk https://api.agechecked.com https://cdnjs.cloudflare.com *.hartsofstur.com https://fonts.googleapis.com *.cloudfront.net maxcdn.bootstrapcdn.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://the.sciencebehindecommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.nosto.com *.nos.to https://services.postcodeanywhere.co.uk https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://r.lr-ingest.io https://api.agechecked.com https://stats.g.doubleclick.net https://bam-cell.nr-data.net https://bam.nr-data.net *.google-analytics.com wss://input.noibu.com https://api.livechatinc.com https://api-us-st.smartassistant.com *.amazonaws.com *.hartsofstur.com *.facebook.com *.facebook.com/tr/ https://input.noibu.com *.execute-api.us-east-1.amazonaws.com https://bat.bing.com https://*.googleapis.com https://*.gstatic.com https://*.clarity.ms https://c.bing.com https://analytics.tiktok.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.hartsofstur.com; report-to report-endpoint; 1 font-src fonts.gstatic.com *.gstatic.com data: *.googleapis.com *.hotjar.com embed.tawk.to *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.hotjar.com va.tawk.to www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com cdn.jsdelivr.net/emojione embed.tawk.to tawk.link www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.youtube.com *.vimeo.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.hotjar.com *.googletagmanager.com *.tawk.to *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com downloads.mailchimp.com embed.tawk.to *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com embed.tawk.to tawk.link 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com vimeo.com wss://*.tawk.to *.tawk.to *.google-analytics.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src 'self' blob:; script-src-elem *.8select.io script.hotjar.com static.hotjar.com *.consentmanager.net 'self' 'unsafe-inline' www.googletagmanager.com *.trustpilot.com cdn.tag-monitoring.com dodenhof.app.baqend.com assets.emarsys.net *.scarabresearch.com h.online-metrix.net *.pay1.de *.ratepay.com; font-src wgt.8select.io dodenhof.app.baqend.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.securepayment.intercard.de www.sandbox.paypal.com/ www.sofortueberweisung.de www.sofort.com www.paypal.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net wgt.8select.io gum.criteo.com static.criteo.net www.googletagmanager.com www.google.com h.online-metrix.net form.jotform.com *.google.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://www.youtube.com *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com data: widget.trustpilot.com www.gstatic.com *.dodenhof.de *.s3.amazonaws.com *.eu-central-1.amazonaws.com bat.bing.com wgt.8select.io thumbnails.8scdn.io bam.eu01.nr-data.net ad.360yield.com *.criteo.com simage2.pubmatic.com r.casalemedia.com eb2.3lift.com pixel.rubiconproject.com rtb-csync.smartadserver.com x.bidswitch.net match.sharethrough.com sync-t1.taboola.com a.twiago.com visitor.omnitagjs.com ad.yieldlab.net cm.adform.net *.yahoo.com sync.outbrain.com ads.stickyadstv.com contextual.media.net jadserve.postrelease.com criteo-sync.teads.tv matching.ivitrack.com criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com s.thebrighttag.com idsync.rlcdn.com beacon.krxd.net image-service-samt-prod.staging.8select.io dpm.demdex.net ih.adscale.de *.eu.criteo.net *.consentmanager.net e1.emxdgt.com exchange.mediavine.com hb.yahoo.net id5-sync.com h.online-metrix.net *.e.aa.online-metrix.net secure.pay1.de d.ratepay.com cdn.pay1.de dodenhof.app.baqend.com www.facebook.com www.google.de render.barcodes.systems https://www.magezon.com x.klarnacdn.net *.cloudfront.net 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com 'self' blob: *.8select.io *.googletagmanager.com bat.bing.com static.criteo.net dynamic.criteo.com sslwidget.criteo.com h.online-metrix.net cdn.consentmanager.net delivery.consentmanager.net b.delivery.consentmanager.net cdn.scarabresearch.com recommender-eu.scarabresearch.com static.scarabresearch.com cdn.tag-monitoring.com dodenhof.app.baqend.com invitejs.trustpilot.com widget.trustpilot.com connect.facebook.net script.hotjar.com static.hotjar.com *.google.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.cloudflare.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.gstatic.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src wgt.8select.io d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.dodenhof.de pss.8select.io wgt.8select.io eltx.8select.io api.8select.io trustbadge.api.etrusted.com bat.bing.com s4cloudlpia9f27a988.hana.ondemand.com sentry.io collect.tag-monitoring.com delivery.consentmanager.net dis.criteo.com dodenhof.app.baqend.com recommender.scarabresearch.com ups.analytics.yahoo.com webchannel-content.eservice.emarsys.net invitejs.trustpilot.com widget.trustpilot.com h.online-metrix.net *.8select.io adservice.google.com *.hotjar.io wss://ws.hotjar.com www.google.com www.facebook.com sslwidget.criteo.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com https://*.ingest.sentry.io t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.s3.amazonaws.com invitejs.trustpilot.com widget.trustpilot.com h.online-metrix.net 'self' data: blob: *.e.aa.online-metrix.net www.jsctool.com d.ratepay.com secure.pay1.de cdn.pay1.de *.ingest.sentry.io delivery.consentmanager.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri wgt.8select.io 'self' 'unsafe-inline'; report-uri https://o398721.ingest.sentry.io/api/5312744/security/?sentry_key=eb4b18bb5e1b44c2a650694110bd4e45; report-to report-endpoint; 1 font-src *.fontawesome.com *.fasttimes.com.au *.klarnaservices.com/ playground.klarnaservices.com/ https://fonts.gstatic.com/ https://cardinalcommerce.com/ https://www.paypal.com/ https://x.klarnacdn.net/ *.bootstrapcdn.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 0merchantacsstag.cardinalcommerce.com *.twitter.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com *.fasttimes.com.au *.twitter.com *.klarnaservices.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ 0merchantacsstag.cardinalcommerce.com https://bid.g.doubleclick.net/ www.google.com https://www.paypal.com/ https://assets.braintreegateway.com/ https://ssl.kaptcha.com/ https://c.paypal.com/ https://www.purechat.com/ https://www.googletagmanager.com/ https://checkout.paypal.com/ *.weltpixel.com www.facebook.com secure.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.fasttimes.com.au *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com https://www.paypal.com/ *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.klarnaservices.com www.googletagmanager.com *.gstatic.com https://www.google.us/ https://www.google.de/ https://www.google.se/ https://www.google.co.nz/ https://www.google.rs https://analytics.sleeknote.com https://b.stats.paypal.com/ https://dub.stats.paypal.com/ https://c.paypal.com/ www.google.com https://www.purechat.com/ https://widgets.magentocommerce.com/ *.google.co *.googleapis.com www.gstatic.com www.facebook.com *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.fasttimes.com.au *.cloudflare.com *.twitter.com https://www.google-analytics.com/ *.google.com *.twimg.com www.gstatic.com *.fontawesome.com klarnaservices.com/ https://consent.cookiebot.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://loader.wisepops.com/ http://cdn.wisepops.com/ https://cdn.wisepops.com/ https://fonts.googleapis.com https://js-agent.newrelic.com/ https://bam.nr-data.net/ *.nr-data.net/ *.newrelic.com/ https://h.online-metrix.net https://testflex.cybersource.com/ https://cybersource.com/ https://songbirdstag.cardinalcommerce.com/ https://cardinalcommerce.com/ https://www.google.com/recaptcha/api.js www.googletagmanager.com http://ajax.googleapis.com/ https://c.paypal.com/ https://www.paypal.com/ https://na-library.klarnaservices.com/lib.js *.plugins.emarsys.net *.scarabresearch.com cdn.evgnet.com *.afterpay.com *.facebook.com *.facebook.net *.googleapis.com geoip-db.com cdn.livechatinc.com api.livechatinc.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.maxmind.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com downloads.mailchimp.com *.fontawesome.com *.fasttimes.com.au *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com https://fonts.googleapis.com/ https://www.paypal.com/ https://x.klarnacdn.net/ *.bootstrapcdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.fasttimes.com.au 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.fasttimes.com.au *.cloudflare.com *.twitter.com https://www.paypal.com/ *.twimg.com klarnaservices.com/ *.klarnauserservices.com *.klarnaevt.com/ http://container.pepperjam.com/ https://na-library.playground.klarnaservices.com/ http://popup.wisepops.com/ https://tracking.wisepops.com/ https://bam.nr-data.net/ *.nr-data.net/ *.newrelic.com/ https://cardinalcommerce.com/ https://geostag.cardinalcommerce.com/ *.googleapis.com https://r1.trackedweb.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://widgetapi.purechat.com/ https://payments.braintree-api.com https://client-analytics.braintreegateway.com https://www.google.com/ https://api.braintreegateway.com http://amcglobal.sc.omtrdc.net http://rum-collector-2.pingdom.net https://evt-na.klarnaservices.com/ *.scarabresearch.com *.eservice.emarsys.net *.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.mmapiws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eccspreports.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.surveymonkey.com *.abtasty.com *.googleapis.com *.google-analytics.com *.tiqcdn.com *.orange.be *.newrelic.com * t.contentsquare.net contentsquare.com *.research.net; style-src 'self' 'unsafe-inline' *.gstatic.com *.abtasty.com *.googleapis.com *.surveymonkey.com *.research.net; img-src 'self' blob: data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.adnxs.com * *.contentsquare.net *.surveymonkey.com *.research.net; frame-src 'self' *.surveymonkey.com *.research.net *.doubleclick.net *.youtube.com *.orange.be *.comparecycle.com *.facebook.com *.cloudfront.net; font-src 'self' blob: data: *.googleapis.com *.gstatic.com *.abtasty.com *.research.net *.googleusercontent.com; connect-src 'self' *.abtasty.com *.contentsquare.net *.surveymonkey.com *.research.net *.tealiumiq.com bam.nr-data.net *.doubleclick.net *.google.com *.teads.tv *.google-analytics.com; report-uri /nl/report-csp-violation 1 object-src 'none';base-uri 'self';script-src 'nonce-O81uL9XWaXyk4MpwhVwN4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src edwineurope.app.baqend.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.weltpixel.com consentcdn.cookiebot.com ct.pinterest.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com bat.bing.com ct.pinterest.com www.google.co.ma cdn.edwin-europe.com www.google.de imgsct.cookiebot.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com edwineurope.app.baqend.com consent.cookiebot.com bat.bing.com cdn.scarabresearch.com script.hotjar.com static.hotjar.com s.pinimg.com a.opumo.net consentcdn.cookiebot.com ct.pinterest.com https://www.googletagmanager.com tagmanager.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://prod.edwin.cartware.de blob: tagmanager.google.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.nlservice.edwin-europe.com:8443/subscribe edwineurope.app.baqend.com ipapi.co a.opumo.net ct.pinterest.com consentcdn.cookiebot.com stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io payments.amazon.de d.ratepay.com jsctool.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-tLbDugilWbHlJr7HvGgGas2Ik47K849SmA4bz/Svxfw=' 'self' https://try.abtasty.com/7386a07c3fccb6c60391c3101b717a03/*.json teddytor.abtasty.com dwc2uwp2r4ivz.cloudfront.net djoqld7mxzop2.cloudfront.net d1z5v3b18m1ft1.cloudfront.net *.assets.web4u.valeoservice.systems static.valeoservice.systems d1lx47257n5xt.cloudfront.net dzl2wsuulz4wd.cloudfront.net pages.cld.bz hm.baidu.com connect.facebook.net www.google.com www.gstatic.com www.youtube.com maps.googleapis.com static.addtoany.com gateway.on24.com orion.akamaized.net www.googletagmanager.com www.google-analytics.com cld.bz i1.ytimg.com assets-valeo.keepeek.com www.valeoservice.com www.catmag.co.uk www.valeo.com lh6.googleusercontent.com techassist.valeoservice.systems fonts.gstatic.com js-cdn.music.apple.com apps.apple.com static.doubleclick.net cdn.cookielaw.org *.pardot.com d3o8bbhci2lzxj.cloudfront.net ckf.web4u.valeoservice.systems abtasty.web4u.valeoservice.systems cdnjs.cloudflare.com assets.web4u.valeoservice.com cdn.jsdelivr.net vk.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js *.google.com; report-uri /report-uri/reportOnly; 1 object-src 'none'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.googleoptimize.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://munchkin.marketo.net https://script.crazyegg.com https://snap.licdn.com https://app-lon05.marketo.com https://static.addtoany.com; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.googleoptimize.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://munchkin.marketo.net https://view.ceros.com https://player.vimeo.com https://script.crazyegg.com https://snap.licdn.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com https://bam.nr-data.net https://js-agent.newrelic.com 'sha256-De2mpaFLR0YDSf4Kwof2qARuqqxurfOvrVuX1nl4SGc=' https://app-lon05.marketo.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://app-lon05.marketo.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1 default-src 'none'; connect-src 'self' https://jv22carpcpzxxp5upcllfh2hzy0xbfjo.lambda-url.us-west-2.on.aws https://*.doubleclick.net https://cdn.segment.com https://secure.adnxs.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io https://analytics.google.com https://www.google-analytics.com https://www.googleadservices.com https://*.litix.io https://embedwistia-a.akamaihd.net https://js.hs-banner.com https://js.hs-analytics.net https://api.segment.io https://js.hs-scripts.com https://8o8h5taxx2-dsn.algolia.net https://*.google-analytics.com https://*.google.com https://forms.hsforms.com https://cdn.linkedin.oribi.io/ https://*.6sc.co wss://nexus-websocket-a.intercom.io https://*.ingest.sentry.io https://api-iam.intercom.io https://*.wistia.com; font-src 'self' data: https://*.wistia.com www.loom.com https://fonts.intercomcdn.com/ https://fonts.gstatic.com; frame-src https://intercom-sheets.com https://www.youtube.com https://www.googleadservices.com https://www.stackhawk.com https://player.vimeo.com https://www.googletagmanager.com https://*.wistia.net https://*.wistia.com www.loom.com; img-src 'self' data: https://*.adsymptotic.com https://images.ctfassets.net https://lltrck.com https://track.hubspot.com https://*.google-analytics.com https://*.google.com https://forms.hsforms.com https://js.intercomcdn.com https://static.intercomassets.com https://embed-ssl.wistia.com https://fast.wistia.net https://www.linkedin.com https://*.6sc.co https://px4.ads.linkedin.com https://px.ads.linkedin.com https://www.googletagmanager.com https://forms-na1.hsforms.com https://forms.hsforms.com https://downloads.intercomcdn.com https://www.google.com https://www.google-analytics.com; manifest-src 'self' https://accounts.google.com; media-src 'self' https://js.intercomcdn.com https://*.wistia.com https://embedwistia-a.akamaihd.net https://www.stackhawk.com; script-src 'self' 'unsafe-inline' https://*.doubleclick.net https://www.google.com https://*.googletagmanager.com https://*.google-analytics.com https://snap.licdn.com https://*.wistia.com https://*.litix.io https://*.6sc.co https://analytics.google.com https://widget.intercom.io https://accounts.google.com https://cdn.segment.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://lltrck.com https://js.intercomcdn.com https://scout-cdn.salesloft.com https://*.google.com https://forms.hsforms.com https://ajax.googleapis.com https://script.hotjar.com https://static.hotjar.com https://*.wistia.net https://www.googleadservices.com https://js.hsforms.net https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com; object-src 'none'; 1 font-src fonts.gstatic.com *.gstatic.com data: https://geowidget.easypack24.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.googleapis.com *.cloudflare.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com account.fetchify.com https://geowidget-app.inpost.pl/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com api.createx-editor.com *.facebook.com *.facebook.net *.hotjar.com/ *.pinterest.com/ *.webpower.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.przelewy24.pl www.gstatic.com gstatic.com www.magmodules.eu *.squeezely.tech api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.goedgemerkt.nl goedgemerkt.nl *.bing.com/ *.trengo.eu/ *.pinterest.com *.amazonaws.com/ *.feefo.com/ *.salesfire.co.uk *.cloudflare.com squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.vimeo.com maps.gstatic.com fonts.googleapis.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl squeezely.tech www.squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.cloudflare.com *.hotjar.com/ *.facebook.com/ *.facebook.net/ api.your-printq.com/ *.bing.com/ *.tiktok.com/ *.widget.trengo.eu/ *.pinimg.com/ *.feefo.com/ *.salesfire.co.uk *.googleoptimize.com/ s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline cc-cdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.fontawesome.com *.trustpilot.com fonts.gstatic.com *.cloudflare.com *.feefo.com/ *.salesfire.co.uk cdn-images.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.trengo.eu/ api.createx-editor.com work.cloudlab.at:9012 localhost:8080 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.easypack24.net *.inpost.pl *.openstreetmap.org sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com squeezely.tech *.squeezely.tech *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.createx-editor.com work.cloudlab.at:9012 localhost:8080 *.facebook.com *.trustpilot.com *.tiktok.com *.pinterest.com *.widget.trengo.eu/ *.hotjar.com/ stats.g.doubleclick.net/ *.google-analytics.com/ *.goedgemerkt.nl gtmss.bienmarquer.fr *.feefo.com/ *.smartmetrics.co.uk *.salesfire.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; report-uri /csp-report?source%5Baction%5D=index&source%5Bapp%5D=Brochure&source%5Bcontroller%5D=engineering_blog%2Fblog&source%5Bdomain%5D=shopify.engineering&source%5Bsection%5D=brochure&source%5Buuid%5D=83325969-ece9-42f0-9c46-d6272c821b4a-1711592242 1 object-src 'none';base-uri 'self';script-src 'nonce-Hq9a5-Af1P6YOQ6d6rYpcA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JQl1GzyEzrsu2ctMGwU8cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.facebook.com/ *.doubleclick.net *.signifyd.com *.online-metrix.net *.braintreegateway.com *.kaptcha.com *.google.com *.paypalobjects.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.google.com *.google.com.tw *.facebook.com *.bing.com/ *.clarity.ms *.signifyd.com *.online-metrix.net *.google.cn *.googletagmanager.com *.godaddy.com *.shopperapproved.com https://scatec.io *.simpleanalyticscdn.com *.google.co.jp *.partshawk.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com http://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.showmethepartsdb3.com *.googletagmanager.com *.facebook.net *.clarity.ms *.doubleclick.net *.algolianet.com *.algolia.net *.signifyd.com *.online-metrix.net *.google.cn *.google.com *.gstatic.com *.xsellco.com *.braintreegateway.com *.godaddy.com *.channeladvisor.com *.shopperapproved.com https://scatec.io *.replyco.com *.simpleanalyticscdn.com *.instagram.com maps.googleapis.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com https://maxcdn.bootstrapcdn.com *.shopperapproved.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com *.algolia.io https://stats.g.doubleclick.net *.clarity.ms *.google.com *.signifyd.com *.online-metrix.net *.google.cn *.xsellco.com *.signifyd.com:11103 *.braintreegateway.com https://scatec.io https://www.showmethepartsdb3.com *.replyco.com *.googlesyndication.com *.instagram.com *.googleusercontent.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://11ca12904c60f551f246feafd81abb28.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: statin.lat *.gstatic.com data.kameleoon.io www.google.es use.typekit.net *.facebook.com www.google.co.in lla-cms-prod.directus.app www.google-analytics.com *.clarity.ms vc.hotjar.io analytics.google.com *.twitter.com *.hotjar.com nebula-cdn.kampyle.com *.tiktok.com *.doubleclick.net p.typekit.net analytics.masmovilpanama.com recommender.scarabresearch.com kip.katalon.com google.com udc-neb.kampyle.com *.windows.net cdnjs.cloudflare.com *.googleapis.com static.kameleoon.com *.facebook.net www.googletagmanager.com webchannel-content.eservice.emarsys.net *.ads-twitter.com www.google.com.ni ayuda.masmovilpanama.com *.serving-sys.com *.googleadservices.com 0xfagbzc9j.kameleoon.eu www.google.com.pa www.googleoptimize.com www.masmovilpanama.com cdn.scarabresearch.com cro.movil.pa store-stats.cwpweb.cc static.scarabresearch.com static.katalon.com na-data.kameleoon.io bat.bing.com adservice.google.com cdn.storerocket.io storerocket.io *.quantummetric.com www.google.com t.co embed.binkies3d.com *.msecnd.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'none'; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://embed.videodelivery.net https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://code.jquery.com https://plausible.fsg.one; connect-src 'self' https://127.0.0.1:41951 https://localhost:41951 https://plausible.fsg.one; img-src 'self' 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdn.datatables.net; font-src 'self' data: https://fonts.gstatic.com; child-src 'self' https://www.youtube-nocookie.com https://vimeo.com https://*.google.com https://*.google.de https://api.smugmug.com https://cloud.fs-g.org; media-src 'self'; form-action 'self' https://*.formulastudent.de https://*.fs-g.org https://www.paypal.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://fsgde.report-uri.com/r/d/csp/enforce 1 font-src fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com *.criteo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com eu-gateway.americanexpress.com ap-gateway.americanexpress.com na-gateway.americanexpress.com *.gateway.americanexpress.com gateway-na.americanexpress.com www.facebook.com *.criteo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * via.banorte.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com eu-gateway.americanexpress.com ap-gateway.americanexpress.com na-gateway.americanexpress.com *.gateway.americanexpress.com gateway-na.americanexpress.com *.criteo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com h.online-metrix.net via.banorte.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com s7d1.scene7.com *.criteo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com eu-gateway.americanexpress.com ap-gateway.americanexpress.com na-gateway.americanexpress.com *.gateway.americanexpress.com gateway-na.americanexpress.com cdn.onesignal.com onesignal.com www.googleoptimize.com cloudfront.barilliance.com static.zdassets.com *.richrelevance.com static.criteo.net www.barilliance.net checkout.stg.deuna.io *.criteo.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com maxcdn.bootstrapcdn.com db.onlinewebfonts.com *.criteo.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n.adobe.io *.adobedc.net *.demdex.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.criteo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net fonts.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * api.bazaarvoice.com stg.api.bazaarvoice.com *.snapchat.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.gomoxie.solutions *.braintreegateway.com *.snapchat.com *.doubleclick.net *.paypalobjects.com *.google.com *.kaptcha.com *.adsrvr.org https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.doubleclick.net d1dwsi2ysdg1so.cloudfront.net us.coca-cola.com cocacola.scene7.com ct.pinterest.com *.facebook.com *.userway.org *.agkn.com *.google.com *.snapchat.com *.cookielaw.org maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com *.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net rpxnow.com *.rpxnow.com forty11115.pcapredict.com *.gomoxie.solutions js-agent.newrelic.com *.google.com *.gstatic.com bam.nr-data.net *.coca-cola.com *.pricespider.com *.googletagmanager.com sc-static.net *.sc-static.net *.pinimg.com cdn.kxrd.net *.userway.org *.doubleclick.net connect.facebook.net cdn.krxd.net cdn.cookielaw.org api.addressy.com *.ccnag.com *.sprinklr.com *.adsrvr.org *.snapchat.com *.googleoptimize.com *.coke.com maps.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unsafe-inline assets.braintreegateway.com display.ugc.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.gomoxie.solutions p.typekit.net *.pricespider.com api.addressy.com cdn.cookielaw.org *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net *.shareacoke.com *.gomoxie.solutions bam.nr-data.net *.braintreegateway.com *.google-analytics.com *.doubleclick.net *.coca-cola.com *.coke.com *.b2clogin.com *.facebook.com ct.pinterest.com *.userway.org api.addressy.com *.ccnag.com *.paypalobjects.com *.snapchat.com *.googleapis.com *.cookielaw.org *.sprinklr.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com d1dwsi2ysdg1so.cloudfront.net d15ll0qrusyhmh.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cokestore.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 script-src 'nonce-ek-XE-PglWh2jr4_wmGBpQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' about: api2.weltsparen.de 1752680588.rsc.cdn77.org *.clarity.ms cdn.raisin.nl data: *.kaspersky-labs.com *.google.com stats.g.doubleclick.net tr.outbrain.com www.google.ae www.google.at www.google.be www.google.co.id www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.mx www.google.com.sg www.google.com.tr www.google.de www.google.es www.google.fr www.google.it www.google.nl www.google.pt www.google.ru www.google.se www.googletagmanager.com *.clarity.ms api2.raisin.com my.yoast.com events.launchdarkly.com consent-api.service.consent.usercentrics.eu www.facebook.com bat.bing.com www.google-analytics.com collector.raisin.com stats.g.doubleclick.net www.raisin.nl collector.raisin.com region1.google-analytics.com stats.g.doubleclick.net api.raisin-pension.de pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com api.usercentrics.eu app.launchdarkly.com clientstream.launchdarkly.com ekr.zdassets.com privacy-proxy.usercentrics.eu raisin-api.exponea.com script.crazyegg.com bam.eu01.nr-data.net com-raisin-prod1.mini.snplow.net graphql.usercentrics.eu aggregator.service.usercentrics.eu raisin-nl.zendesk.com api.weltsparen.de static.zdassets.com s3.eu-central-1.amazonaws.com auth.weltsparen.de sdk-tracing.exponea.com api2.weltsparen.de translate.googleapis.com; font-src 'self' about: cdn.faceworks.nl fonts.gstatic.com themes.googleusercontent.com cdn.raisin.nl data: www.raisin.nl cdn.megabonus.com account.affilitizer.com www.ciuvo.com; frame-ancestors 'self' hoogstespaarrente.eu www.raisin.nl; frame-src 'self' tpc.googlesyndication.com app.usercentrics.eu api.puretheweb.com clcktrck.com div.show mozbar.moz.com r.linksprf.com www.googletagmanager.com auth.weltsparen.de online-acquisition-pw-public-assets.s3.eu-central-1.amazonaws.com www.raisin.nl td.doubleclick.net webui.dashlane.com eu-app.contentstack.com; img-src *; manifest-src 'self'; media-src 'self' data:; object-src 'none'; report-uri /_/reports; script-src 'self' about: 'unsafe-inline' 'unsafe-eval' data1.fedjuh.com 3001.scriptcdn.net app.usercentrics.eu bam.eu01.nr-data.net bat.bing.com cdn.raisin.nl connect.facebook.net d1y068gyog18cq.cloudfront.net data data1.ahjilop.com data1.bmi-bereken.com diyini.junasonuku.com fidoapi.com *.kaspersky-labs.com hublosk.com js-agent.newrelic.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com privacy-proxy.usercentrics.eu raisin-api.exponea.com script.crazyegg.com static.zdassets.com vwvwvwvw1.b-cdn.net *.outbrain.com www.clarity.ms *.google.com www.googleadservices.com www.googletagmanager.com www.pagespeed-mod.com www.raisin.nl tpc.googlesyndication.com bat.bing.com vedeyo.razegawomi.com translate.google.com www.google-analytics.com cdn.raisin.nl d1y068gyog18cq.cloudfront.net www.google-analytics.com amplify.outbrain.com js.hs-scripts.com s.d.adup-tech.com webanalytics.btelligent.net js.hs-analytics.net connect.facebook.net js.hs-banner.com tr.outbrain.com blob: app.usercentrics.eu privacy-proxy.usercentrics.eu raisin-api.exponea.com static.zdassets.com www.googletagmanager.com js-agent.newrelic.com bam.eu01.nr-data.net script.crazyegg.com www.raisin.nl cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.raisin.nl js.hs-banner.com d.adup-tech.com cdn.jsdelivr.net fonts.googleapis.com translate.googleapis.com www.raisin.nl cdnjs.cloudflare.com 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-b4aed2f6c3974dcba2c6c032146d56fe' https://myconnection.org 'self';img-src https://* 'self' blob: data:;style-src https://myconnection.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 font-src *.gstatic.com 'unsafe-inline' data: *.generalapparel.net *.sanmarcanada.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.fontawesome.com *.cloudfront.net 'self' data: *.amazonaws.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.generalapparel.net *.sanmarcanada.com *.hotjar.com *.vimeo.com *.livechatinc.com *.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.generalapparel.net *.sanmarcanada.com *.cloudflare.com *.cloudfront.net *.hsforms.net *.hsforms.com 'self' data: *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.generalapparel.net *.sanmarcanada.com *.cloudflare.com *.twitter.com *.fontawesome.com *.hotjar.com *.googletagmanager.com *.livechatinc.com *.bootstrapcdn.com *.datatables.net *.jquery.com *.doubleclick.net *.cloudfront.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.generalapparel.net *.sanmarcanada.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.hotjar.com *.googleapis.com *.jquery.com *.cloudfront.net *.gstatic.com *.amazonaws.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com ekr.zdassets.com/ *.generalapparel.net *.sanmarcanada.com *.cloudflare.com *.google-analytics.com *.hotjar.io *.hotjar.com *.doubleclick.net *.livechatinc.com *.cloudfront.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.sanmarcanada.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.sanmarcanada.com/; report-to report-endpoint; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cl.avis-verifies.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org t.mydialoginsight.com axeptio.imgix.net cdn.doofinder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net static.axept.io cdn.jsdelivr.net *.newrelic.com *.nr-data.net *.axept.io *.cabesto.com https://cdnjs.cloudflare.com cdn.doofinder.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.jsdelivr.net *.cabesto.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.doofinder.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.wonderpush.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.newrelic.com *.nr-data.net *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'unsafe-eval' 'unsafe-inline' data: 'self' blob: www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.google.com js.klevu.com www.gstatic.com *.cloudmaestro.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net static.hotjar.com wchat.freshchat.com staticw2.yotpo.com browser-update.org script.hotjar.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net *.freshchat.com maps.googleapis.com assets.adobedtm.com www.googleoptimize.com h.online-metrix.net *.cardinalcommerce.com html5.dcatalog.com unpkg.com commerce.adobedtm.com cdnjs.cloudflare.com web-sdk.aptrinsic.com commerce.adobe.net fonts.googleapis.com magento-recs-sdk.adobe.net static.trackedweb.net tags.srv.stackadapt.com snap.licdn.com tags.srv.stackadapt.com bat.bing.com e.performancehealth.com f.vimeocdn.com tags.srv.stackadapt.com bam.nr-data.net services-connector-ui.magento-ds.com r2.dotdigital-pages.com *.punchout2go.com *.tradecentric.com *.pinterest.com *.facebook.net *.facebook.com *.licdn.com *.userway.org; style-src 'self' 'unsafe-inline' wchat.freshchat.com fonts.googleapis.com js.klevu.com tags.srv.stackadapt.com staticw2.yotpo.com; report-uri /.webscale/csp-report 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.wolterskluwer.io http://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn3.devexpress.com https://cdn.pubnub.com https://*.pndsn.com 1 font-src *.fontawesome.com https://cdnjs.cloudflare.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de homologation-webpayment.payline.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.salesmanago.pl www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobedtm.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://assets.slow-cosmetique.com https://cdn-icons-png.flaticon.com *.gstatic.com *.google.com *.googleapis.com *.magentocommerce.com *.mondialrelay.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com https://js-agent.newrelic.com *.nr-data.net homologation-webpayment.payline.com *.googleapis.com *.google.com *.paypal.com cdn.shipup.co www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.typekit.net cdn.shipup.co *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: https://api.zippopotam.us *.nr-data.net homologation-webpayment.payline.com https://api.shipup.co *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.authorize.net checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com media.sezzle.com maps.gstatic.com https://widget.freshworks.com https://www.strikeindustries.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.authorize.net sandbox-assets.secure.checkout.visa.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in maps.googleapis.com https://classic.avantlink.com https://www.googletagmanager.com https://maps.googleapis.com https://widget.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com https://widget.freshworks.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.authorize.net https://widget.freshworks.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com *.gstatic.com 'self' data: https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.klarna.com *.google.com/ vars.hotjar.com ssl.hurra.com cdn.consentmanager.net googletagmanager.com www.paypalobjects.com googleads.g.doubleclick.net payment.unzer.com https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.sharethis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com googleadservices.com *.consentmanager.net widgets.trustedshops.com static.unzer.com google.com www.google.de paypal.com sc.bausep.de *.bausep.de bs-magento2-master.phoenix-media.cloud *.bing.com https://static.unzer.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com *.google.com ssl.hurra.com googletagmanager.com *.consentmanager.net widgets.trustedshops.com *.hotjar.com *.g.doubleclick.net payment.unzer.com *.bausep.de *.bing.com https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.klarnaevt.com *.klarnaservices.com *.bausep.de ssl.hurra.com *.hotjar.com googletagmanager.com google.de google.com www.google.de www.google.com *.g.doubleclick.net payment.unzer.com *.bing.com t.elasticsuite.io https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com *.google-analytics.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com data: *.podium.com https://*.yieldify-production.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://px.owneriq.net *.pinterest.com *.yieldify.com *.facebook.com *.doubleclick.net *.hubspot.com *.hsforms.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://insight.adsrvr.org *.tacori.com *.tangiblee.com www-tacori.com.imgeng.in forms.hsforms.com *.clarity.ms *.pinterest.com https://px.owneriq.net *.bing.com *.google.com *.google.co.in *.hubspot.com *.wistia.com embedwistia-a.akamaihd.net *.googletagmanager.com *.yieldify.com *.doubleclick.net *.hubspotusercontent-na1.net https://imgs.signifyd.com https://*.online-metrix.net https://forms-na1.hsforms.com https://*.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.google.com/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.swiftype.com *.tangiblee.com *.clickguard.com *.owneriq.net *.hsforms.net *.wistia.com *.hsforms.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net s.pinimg.com https://px.owneriq.net http://px.owneriq.net *.yieldify.com *.iubenda.com *.clarity.ms *.doubleclick.net *.hsadspixel.net *.hsleadflows.net *.cloudflare.com *.podium.com *.woopra.com *.usemessages.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com wss://*.noibu.com https://*.noibu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.podium.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.hubspot.com *.google-analytics.com *.googleapis.com *.clickguard.com *.doubleclick.net *.pinterest.com *.iubenda.com *.hubapi.com *.hsforms.com *.clarity.ms *.wistia.com *.litix.io *.tangiblee.com *.podium.com *.yieldify.com embedwistia-a.akamaihd.net https://yieldify.tacori.com *.facebook.com https://imgs.signifyd.com wss://*.noibu.com https://*.noibu.com https://*.hscollectedforms.net https://*.analyticspodium.com https://*.yieldify-production.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.googleapis.com *.gstatic.com *.static.klaviyo.com static.klaviyo.com *.klevu.com *.ksearchnet.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com https://www.merchante-solutions.com https://hostedpayments.merchante.com https://merchantacsstag.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.doubleclick.net www.activemerchandiser.com my.matterport.com ct.pinterest.com *.cdn-lg.accentdecor.com https://www.googletagmanager.com/ magento-cloudflare.jetrails.com www.youtube.com *.google.com/ https://merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com maps.gstatic.com https://www.magezon.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com developers.google.com maps.googleapis.com *.accentdecor.com *.doubleclick.net ct.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.gstatic.com *.curalate.com *.mailchimp.com *.paypal.com *.googletagmanager.com *.googleanalytics.com *.merchante-solutions.com *.adobetm.com *.braintreegateway.com *.yotpo.com js-agent.newrelic.com bam.nr-data.net chimpstatic.com eastprodcdn.azureedge.net mc.us1.list-manage.com *.accentdecor.com maps.googleapis.com *.fullstory.com s.pinimg.com *.cloudfront.net *.static.cloudflareinsights.com static.cloudflareinsights.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.ajax.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.curalate.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.accentdecor.com *.static-tracking.klaviyo.com static-tracking.klaviyo.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.curalate.com *.amazonpay.com *.amazon.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.googleanalytics.com *.accentdecor.com maps.googleapis.com *.fullstory.com *.velaro.com ct.pinterest.com *.analytics.google.com *.google-analytics.com https://analytics.google.com *.cloudflareinsights.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.merchante-solutions.com https://cert.merchante-solutions.com https://testapi.merchante-solutions.com https://writer.cardinalcommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-QUrWlygQIBo1XYd7R18iAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 worker-src blob:; font-src *.fontawesome.com *.punchout2go.com 'self' data: *.qualtrics.com *.gstatic.com *.cardinalcommerce.com *.hawksearch.net *.hawksearch.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.punchout2go.com 'self' data: *.funexpress.com *.qualtrics.com *.vertexsmb.com *.hawksearch.net *.hawksearch.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.punchout2go.com 'self' data: *.qualtrics.com *.vertexsmb.com *.hawksearch.net *.hawksearch.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com account.fetchify.com *.punchout2go.com *.youtube.com *.qualtrics.com *.google.com *.demdex.net *.vertexsmb.com *.hawksearch.net https://photos.pixlee.co 'self' data: *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.punchout2go.com *.bluecore.com *.google.com *.google.co.in *.qualtrics.com *.edgecastcdn.net *.paypal.com *.orientaltrading.com *.funexpress.com *.fun-express.com *.googletagmanager.com *.amazonaws.com *.turnto.com *.hawksearch.net *.hawksearch.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com www.youtube.com *.avada.io *.punchout2go.com *.bluecore.com *.quantummetric.com *.go-mpulse.net *.cloudflare.com *.google.com *.googleapis.com *.gstatic.com *.vertexsmb.com *.tiqcdn.com *.cloudfront.net *.qualtrics.com *.newrelic.com *.nr-data.net *.turnto.com *.hawksearch.net *.hawksearch.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cc-cdn.com *.fontawesome.com *.punchout2go.com *.qualtrics.com *.cloudflare.com www.google-analytics.com *.googleapis.com *.cloudfront.net *.turnto.com *.hawksearch.net *.hawksearch.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.orientaltrading.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.punchout2go.com *.bluecore.com *.bluecore.app *.quantummetric.com *.akstat.io *.go-mpulse.net *.google-analytics.com *.doubleclick.net *.g.doubleclick.net *.googleapis.com *.qualtrics.com *.demdex.net *.nr-data.net *.turnto.com *.hawksearch.net *.hawksearch.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-LpvJBxpkxWwLORXj9Gm_FA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src https://static.cloudflareinsights.com/beacon.min.js https://googleads.g.doubleclick.net/ https://portal.allyable.com/aweb/ 'unsafe-inline' 'report-sample' 'self' https://amplify.outbrain.com/cp/obtp.js https://cdn.taboola.com/libtrc/unip/1413959/tfa.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/402620498/ https://platform.twitter.com/widgets.js https://portal.allyable.com/aweb https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.allyable.com/assets/jquery-2.2.4.min.js https://static.srcspot.com/libs/kerianne.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cloudflareinsights.com/cdn-cgi/rum https://marketing.onezerobank.com/api/v1/marketing/register https://portal.allyable.com https://trc.taboola.com https://www.comeet.co https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://portal.allyable.com/ https://platform.twitter.com https://portal.allyable.com; img-src 'self' https://portal.allyable.com https://px.ads.linkedin.com https://tr.outbrain.com https://www.google-analytics.com https://www.google.co.il https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1 default-src 'self' ; worker-src 'self' data: blob:; img-src 'self' http://bimhuis.nl https://pbs.twimg.com https://www.eagerly.nl https://www.gstatic.com https://i.ytimg.com https://syndication.twitter.com https://www.google-analytics.com https://secure.gravatar.com data:; media-src 'self' https://www.googletagmanager.com https://open.spotify.com https://www.mixcloud.com https://w.soundcloud.com https://bandcamp.com https://player.vimeo.com https://www.youtube.com https://docs.google.com https://www.google.com https://widget.guestplan.com https://www.ereserveren.nl https://activetickets.bimhuis.nl https://platform.twitter.com https://www.facebook.com https://platform.twitter.com data:; connect-src 'self' https://www.googletagmanager.com https://embed.radio.co https://cdn.guestplan.com https://*.google-analytics.com https://yoast.com https://etender-connect.com https://stats.g.doubleclick.net; frame-src 'self' https://www.googletagmanager.com https://open.spotify.com https://www.mixcloud.com https://w.soundcloud.com https://bandcamp.com https://player.vimeo.com https://www.youtube.com https://docs.google.com https://www.google.com https://widget.guestplan.com https://www.ereserveren.nl https://activetickets.bimhuis.nl https://platform.twitter.com https://www.facebook.com https://platform.twitter.com; child-src 'self' https://www.googletagmanager.com https://open.spotify.com https://www.mixcloud.com https://w.soundcloud.com https://bandcamp.com https://player.vimeo.com https://www.youtube.com https://docs.google.com https://www.google.com https://widget.guestplan.com https://www.ereserveren.nl https://activetickets.bimhuis.nl https://platform.twitter.com https://www.facebook.com https://platform.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://embed.radio.co https://cdn.guestplan.com https://www.gstatic.com https://www.google.com https://api.w3-edge.com https://www.youtube.com https://platform.twitter.com https://connect.facebook.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://www.gstatic.com https://p.typekit.net https://fonts.googleapis.com; font-src 'self' https://use.typekit.net https://fonts.gstatic.com data:; form-action 'self' https://bimhuis.crmplatform.nl; frame-ancestors 'self' ; 1 font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.trackedlink.net *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com *.klarna.com *.klarnaservices.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnaservices.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io api-maps.yandex.ru core-renderer-tiles.maps.yandex.net top-fwz1.mail.ru ad.mail.ru vk.com www.google.ru pandorarussia.ru www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com qr.nspk.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io suggestions.dadata.ru api-maps.yandex.ru core-renderer-tiles.maps.yandex.net yastatic.net mc.yandex.ru vk.com top-fwz1.mail.ru cdn1.imshop.io api.mindbox.ru cdn.helpdeskeddy.com kellypandora.helpdeskeddy.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.fontawesome.com cdn1.imshop.io unsafe-inline assets.braintreegateway.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io suggestions.dadata.ru mc.yandex.ru vk.com stats.g.doubleclick.net api.mindbox.ru api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-UZC_11fSuz-o0hoRujANMQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self';img-src * blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.typekit.net cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com code.jquery.com js.hsforms.net www.googletagmanager.com *.wp.com *.mysanfordchart.org *.addthis.com *.adroll.com *.adsrvr.org *.ads-twitter.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.invocacdn.com *.liveperson.net *.lpsnmedia.net *.mpio.io *.onesignal.com *.qualtrics.com *.quantcount.com *.quantserve.com *.serving-sys.com *.simpli.fi *.siteintercept.qualtrics.com *.talentegy.com *.tvsquared.com *.twitter.com *.v.liveperson.net *.vimeo.com *.vimeocdn.com aa.agkn.com ajax.aspnetcdn.com analytics.talentegy.com assets.sitescdn.net az416426.vo.msecnd.net bat.bing.com cdn.mouseflow.com cdn.popt.in chimpstatic.com data.adxcel-ec2.com embed.typeform.com forms.hsforms.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com my.hellobar.com onesignal.com pixel.mathtag.com pixel.videohub.tv pnapi.invoca.net px.ads.linkedin.com rules.quantcount.com s.amazon-adsystem.com s.pinimg.com s3.amazonaws.com/checkout.squadup.com/default/css/bootstrap-namespace.min.css sanfordhealth.mdmatchup.com script.crazyegg.com sc-static.net sfapi.formstack.io siteimproveanalytics.com snap.licdn.com static.addtoany.com static.cloud.coveo.com tags.srv.stackadapt.com tracking.logpostback.com transparency.nrchealth.com trkn.us v1.addthisedge.com www.buzzsprout.com www.groupexpro.com www.youtube.com www.ypo.education/js/jsembedcode.js z.moatads.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com *.mysanfordchart.org *.wp.com *.formstack.com *.gstatic.com *.vimeocdn.com cdn.thinglink.me checkout.stripe.com formsprod.azureedge.net onesignal.com static.cloud.coveo.com tags.srv.stackadapt.com www.groupexpro.com www.youtube.com;font-src 'self' data: *.fontawesome.com *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com *.wp.com *.formstack.com *.gstatic.com *.googleusercontent.com static.cloud.coveo.com staticdev.cloud.coveo.com;frame-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com www.googletagmanager.com *.wp.com tools.sanfordhealthplan.com *.mysanfordchart.org *.addthis.com *.adsrvr.org *.c.liveperson.net *.doubleclick.net *.fls.doubleclick.net *.formstack.com *.g.doubleclick.net *.google.com *.ipcamlive.com *.lpsnmedia.net *.snapchat.com *.soundcloud.com *.stripe.com *.twitter.com *.v.liveperson.net *.vimeo.com *.youtube.com cdn.onesignal.com e.issuu.com fast.wistia.net forms.hsforms.com host.visualcalc.com js.hsadspixel.net js.hsforms.net pixel.mathtag.com players.brightcove.net sanfordhealth.mdmatchup.com static.addtoany.com vimeo.com www.buzzsprout.com www.pinterest.ca www.pinterest.co.uk www.pinterest.com www.pinterest.fr www.pinterest.it www.pinterest.ph ct.pinterest.com www.thinglink.com;frame-ancestors 'self' *.mysanfordchart.org;connect-src 'self' cdn.jsdelivr.net cdn.rlets.com cdnjs.cloudflare.com cloud.typography.com code.jquery.com www.googletagmanager.com my.wpengine.com public-api.wordpress.com yoast.com *.addthis.com *.adroll.com *.clarity.ms *.doubleclick.net *.g.doubleclick.net *.gannettdigital.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.linkedin.oribi.io *.onesignal.com *.pinterest.com *.quantcount.com *.reachlocalservices.com *.serving-sys.com *.snapchat.com *.squadup.com *.twitter.com *.vimeocdn.com *.z1.dca0.com api.hubapi.com az416426.vo.msecnd.net bat.bing.com dc.services.visualstudio.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hscollectedforms.net n2.mouseflow.com onesignal.com pnapi.invoca.net sanfordhealth.formstack.com sfapi.formstack.io usageanalytics.coveo.com analytics.cloud.coveo.com;form-action 'self' *.fontawesome.com cdnjs.cloudflare.com *.sanfordhealthfoundation.org my.wpengine.com yoast.com *.adroll.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.pinterest.com *.serving-sys.com *.snapchat.com *.vimeocdn.com api.hubapi.com forms.hsforms.com forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com;media-src * data:;object-src 'none';report-uri https://csp-reporting.sanfordhealth.org/; 1 font-src https://fonts.googleapis.com https://fonts.gstatic.com *.typekit.net *.global-e.com *.amazonaws.com fonts.gstatic.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.infusionsoft.app *.global-e.com *.google.com *.paypal.com *.addthis.com *.sharethis.com *.hotjar.com js.authorize.net jstest.authorize.net accept.authorize.net *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.infusionsoft.app https://r.fidelid.com https://pixel.voltn.com *.shopperapproved.com *.gstatic.com *.google.com wateranywhere.com *.wateranywhere.com *.paypal.com *.amazonaws.com *.authorize.net *.bing.com *.clarity.ms *.sharethis.com *.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com http://container.pepperjam.com https://lz393.infusionsoft.com http://www.upsellit.com http://static.criteo.net https://static.traversedlp.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://www.google.com *.hotjar.com https://script.crazyegg.com https://static.zdassets.com *.shopperapproved.com https://translate.google.com https://translate.googleapis.com *.mailchimp.com *.list-manage.com *.addthis.com *.addthisedge.com *.pinterest.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.google.com *.gstatic.com *.bglobale.com *.cloudflare.com chimpstatic.com *.global-e.com *.braintreegateway.com *.paypal.com *.comodo.com *.bing.com *.authorize.net *.clarity.ms *.sharethis.com *.doubleclick.net *.googleapis.com *.klaviyo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ sandbox-assets.secure.checkout.visa.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com http://fonts.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com *.typekit.net https://translate.google.com https://translate.googleapis.com fonts.googleapis.com *.global-e.com *.bglobale.com *.bootstrapcdn.com https://static.klaviyo.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paypal.com wss://widget-mediator.zopim.com https://shopper.shop.pe https://gadgetguard.zendesk.com *.braintree-api.com *.addthis.com *.clarity.ms *.sharethis.com *.hotjar.com *.googleadservices.com *.google.com *.doubleclick.net *.zdassets.com *.klaviyo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src http://fonts.googleapis.com https://fonts.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-icQepQP8WFFLJPeObjMv6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.licdn.com www.googletagmanager.com *.doubleclick.net secure.golp4elik.com cc.cdn.civiccomputing.com adservice.google.com apikeys.civiccomputing.com www.google.com *.linkedin.com www.google-analytics.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src 'unsafe-eval' 'unsafe-inline' *.mariatash.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.facebook.net *.googletagmanager.com *.vimeocdn.com js.braintreegateway.com *.payments-amazon.com www.gstatic.com *.klaviyo.com *.gladly.com *.newrelic.com *.audioeye.com *.nr-data.net *.cloudfront.net *.youtube.com s.ytimg.com api.smooch.io *.gladly.qa ipinfo.io *.searchspring.net tryonstudio.stage.accorin.us *.searchspring.com *.zdassets.com code.jquery.com ajax.aspnetcdn.com searchanise-ef84.kxcdn.com *.zopim.io *.zopim.org *.zopim.com *.hotjar.com www.searchanise.com *.amazon.com *.config.smooch.io *.google.com *.hotjar.io *.pinterest.com *.sinter-collect.com *.twitter.com player.vimeo.com snisecdn-feh571kz.stackpathdns.com *.facebook.com *.bglobale.com cdnjs.cloudflare.com *.cloudmaestro.com *.signifyd.com www.googleadservices.com cdn1-sandbox.affirm.com *.pxlecdn.com *.pixlee.com dist.pixotronics.com tryonstudio.staging.accorin.us cdn.mariatash.com tryonstudio.mariatash.webscale.site tashstudio.mariatash.com gepi.global-e.com s.pinimg.com bat.bing.com web.global-e.com webservices.global-e.com knowledgetags.yextapis.com w3c.github.io www.googleoptimize.com; report-uri /.webscale/csp-report 1 font-src *.fontawesome.com *.googleapis.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com https://*.hotjar.com https://static.klaviyo.com https://surveys-static.survicate.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ https://static.addtoany.com/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com secure.authorize.net test.authorize.net js.stripe.com m.stripe.com x.klarnacdn.net *.weltpixel.com vars.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://cosmetis.com *.mcusercontent.com *.cloudflare.com *.gstatic.com *.google.com *.google.pt *.google.es *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.tradetracker.net *.pampanetwork.com *.mailchimp.com *.cloudfront.net https://*.clarity.ms https://*.hotjar.com https://c.bing.com https://googleads.g.doubleclick.net https://cosmetis.boost.propelbon.com https://static.zdassets.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://static.addtoany.com/ apis.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google.pt *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com tagmanager.google.com https://*.hotjar.com 'unsafe-inline' *.zdassets.com *.zendesk.com *.mailchimp.com mc.us6.list-manage.com *.newrelic.com *.nr-data.net *.doubleclick.net *.activehosted.com *.cloudfront.net wss://*.zopim.com wss://*.wizzy.ai *.app-us1.com trackcmp.net https://*.clarity.ms https://surveys-static.survicate.com https://api6.ipify.org https://*.cookie-script.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.google.co.in *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.zendesk.com *.mailchimp.com *.googletagmanager.com https://*.hotjar.com 'unsafe-inline' https://surveys-static.survicate.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.google.co.in *.google-analytics.com stats.g.doubleclick.net *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.nr-data.net wss://*.wizzy.ai https://*.wizzy.ai https://*.clarity.ms https://www.google.pt https://care4ict.nl/health_check.php wss://pod-18.zendesk.com https://gtm.cosmetis.com https://survey.survicate.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://ajax.cloudflare.com *.newrelic.com *.nr-data.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.typekit.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.nr-data.net https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'unsafe-inline' 'strict-dynamic' 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'nonce-QnJpZ2h0Q3Jvd2QuY29t' https://brightcrowd.com/_nuxtl/;script-src-elem 'self' 'unsafe-inline' https://brightcrowd.com/_nuxtl/;img-src 'self' data: blob: https://brightcrowd.com https://i.ytimg.com https://i.vimeocdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src https://www.youtube.com/embed/ https://www.youtube-nocookie.com/embed/ https://demo.arcade.software/;font-src 'self' data: https://fonts.gstatic.com;object-src 'none';frame-ancestors 'self';base-uri 'self';form-action 'self';report-uri https://su3g0lm6gc.execute-api.us-east-1.amazonaws.com/csp/report;report-to csp-endpoint 1 font-src *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://www.magezon.com 'self' data: yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /i/csp-report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.sandbox.paypal.com *.paypalobjects.com *.timpson-group.co.uk paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.doubleclick.net *.facebook.com account.fetchify.com g3d-app.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.gstatic.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com g3d-app.com https://*.googleapis.com https://*.googleusercontent.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com www.xtento.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.klarna.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com https://cdnjs.cloudflare.com google.com *.googleapis.com *.static.com *.googleadservices.com *.googleusercontent.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cc-cdn.com *.google.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com google.com *.static.com *.googleadservices.com *.googleusercontent.com *.google-analytics.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net vimeo.com *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk *.paypal.com paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.com *.facebook.net api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://ipinfo.io *.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ *.googleapis.com *.static.com *.googleadservices.com *.googletagmanager.com *.googleusercontent.com *.cloudflare.com *.sandbox.paypal.com *.paypalobjects.com *.csp-reporting-service.com *.trustist.com trustist.blob.core.windows.net *.ggpht.com *.xtento.com g3d-app.com *.timpson-group.co.uk paypal.com *.bing.com *.termly.io *.hotjar.com *.hotjar.io *.dwin1.com *.popupsmart.com *.doubleclick.net *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; connect-src https: *.callbackhunter.com; 1 default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' 1 font-src *.gstatic.com data: *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.hotjar.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com https://a.klaviyo.com *.facebook.com *.google.com *.googletagmanager.com *.paypal.com *.pinterest.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://static.klaviyo.com https://fast.a.klaviyo.com *.hotjar.com *.googletagmanager.com *.gstatic.com *.google.com *.facebook.net *.joinflow.com *.pinterest.com *.pinimg.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klaviyo.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klaviyo.com *.telavox.se *.telavox.com *.google-analytics.com *.doubleclick.net *.paypal.com *.klarna.com *.facebook.com *.pinterest.com *.hotjar.com *.hotjar.io https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.at ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.at *.spreadshirt.at ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.at ; font-src 'self' https: data: *.spreadshirt.at ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.at ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.at ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 object-src 'none';base-uri 'self';script-src 'nonce-jZXu5OjZvTprrmjEoJvKFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yRUjBrTRb_bgEF83GkbUfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-m3pOZedE00qTJ7ObmxFW1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://client.getinchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://cdn.userecho.com https://client.getinchat.com https://yandex.ru/ https://*.yandex.ru https://*.maps.yandex.net; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://*.starline.ru https://*.maps.yandex.net https://*.google.com https://enterprise.api-maps.yandex.ru https://cdn.userecho.com https://*.openstreetmap.org http://yandex.st/ https://yandex.st/ https://mc.yandex.ru; connect-src 'self' ws://*.starline.ru wss://rpl.starline-online.ru https://client.getinchat.com https://mc.yandex.ru https://geocode.starline.ru; frame-src 'self' https://*.google.com https://arkan.ru; 1 default-src 'self' *.charteredaccountants.ie *.realexpayments.com *.payandshop.com; script-src-elem 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net * *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.gstatic.com *.googletagmanager.com *.facebook.net *.jquery.com *.cookiebot.com *.googleapis.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.digicert.com *.zopim.com *.youtube.com googleads.g.doubleclick.net *.licdn.com *.google-analytics.com *.cookiebot.com *.fontawesome.com *.jsdelivr.net *.crazyegg.com *.telerikstatic.com *.aspnetcdn.com *.facebook.net *.cloudflare.com *.googleapis.com *.googletagmanager.com *.charteredaccountants.ie *.jquery.com; style-src 'report-sample' 'unsafe-inline' *.bootstrapcdn.com *.jquery.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.fontawesome.com *.telerikstatic.com *.charteredaccountants.ie; object-src 'none'; base-uri 'self' *.charteredaccountants.ie; connect-src 'self' *.google.co.uk *.google.com *.google.ie www.googleadservices.com *.google.co.in *.googletagmanager.com *.zopim.com *.zdassets.com *.fontawesome.com *.charteredaccountants.ie *.cookiebot.com *.google-analytics.com *.crazyegg.com *.doubleclick.net *.facebook.com *.gstatic.com *.licdn.com; font-src 'self' data: *.bootstrapcdn.com *.zopim.com *.gstatic.com *.fontawesome.com; frame-src 'self' *.cookiebot.com *.linkedin.com *.google.com charteredaccountantsireland.mediasite.com *.facebook.com *.youtube.com *.realexpayments.com *.payandshop.com *.charteredaccountants.ie *.doubleclick.net; img-src 'self' data: *.zopim.com *.charteredaccountants.ie *.googletagmanager.com *.google.ie *.linkedin.com *.digicert.com *.facebook.com *.google-analytics.com *.google.co.uk *.google.com *.google.co.in *.doubleclick.net *.cookiebot.com; manifest-src 'self' *.charteredaccountants.ie; media-src 'self' *.charteredaccountants.ie; frame-ancestors 'self' *.linkedin.com *.google.com *.charteredaccountants.ie *.realexpayments.com *.payandshop.com; report-uri https://csp.charteredaccountants.ie/index.php; worker-src blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-tfVcRdIuGGfiOyjzXquKag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://stackpath.bootstrapcdn.com data: https://provape.com https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.agechecker.net https://cdn.userway.org *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com *.authorize.net www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://verifypass.com https://vars.hotjar.com https://cdn.userway.org https://widget.trustpilot.com *.google.com *.google.com.ua *.google.co.uk www.facebook.com platform.twitter.com *.authorize.net www.searchanise.com *.searchserverapi.com *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://provape.com https://www.google.com.ua https://www.google.com https://www.google.nl https://shareasale.com https://cdn.routeapp.io https://www.google.co.uk https://img.agechecker.net https://cdn.userway.org https://c.clarity.ms https://c.bing.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net https://img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cache.validage.com cloud.validage.com https://cdn.agechecker.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://searchserverapi.com https://static.cloudflareinsights.com https://static.zdassets.com https://www.googletagmanager.com https://www.dwin1.com https://cdn.clerk.io https://api.clerk.io https://static.hotjar.com https://script.hotjar.com https://ajax.cloudflare.com https://d5yoctgpv4cpx.cloudfront.net https://cdn.userway.org https://cdn.verifypass.com https://www.clarity.ms https://cdnjs.cloudflare.com https://widget.trustpilot.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io connect.facebook.net twitter.com platform.twitter.com *.authorize.net searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cache.validage.com cloud.validage.com static-tracking.klaviyo.com unsafe-inline downloads.mailchimp.com https://static.klaviyo.com https://stackpath.bootstrapcdn.com https://provape.com https://cdn-asset.optimonk.com https://cdn.userway.org https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.zdassets.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cache.validage.com cloud.validage.com https://vc.hotjar.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://provape.zendesk.com wss://widget-mediator.zopim.com https://cdn77.api.userway.org https://in.hotjar.com wss://ws30.hotjar.com https://front.optimonk.com https://jfapiprod.optimonk.com https://cdn-renderer.optimonk.com wss://ws.hotjar.com https://content.hotjar.io https://api.agechecker.net https://api.userway.org https://cdn.userway.org https://q.clarity.ms https://o.clarity.ms ekr.zdassets.com/ *.google-analytics.com *.google.com https://get.geojs.io *.avada.io *.authorize.net api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.omtrdc.net www.google.ie *.qualtrics.com *.facebook.com *.demdex.net *.tiktok.com analytics.google.com region1.analytics.google.com *.facebook.net *.greateasternlife.com *.gstatic.com www.googletagmanager.com *.googleadservices.com *.googleapis.com *.licdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self';script-src 'self' 'unsafe-eval' pay.sandbox.datatrans.com payment.datatrans.biz payment.datatrans.swiss payment.datatrans2.biz https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://geschenkidee.cloudflareaccess.com https://ct.pinterest.com https://s.pinimg.com https://www.facebook.com https://connect.facebook.net https://track.bx-cloud.com https://www.googleoptimize.com https://cdn.scarabresearch.com https://static.scarabresearch.com https://tc.connects.ch https://bat.bing.com https://static.hotjar.co *.getback.ch *.hotjar.com *.criteo.com *.criteo.net https://ajax.cloudflare.com https://ocdn.eu *.onet.pl 'sha256-Ifh9ixurLzmgtO9d4k+Dh2N1mFV2xs3Xw9rZXZ3ezGc=' 'sha256-02ZxeTUnbomAMqtfbBs+Akk1VDc2oTpJwLu9f25b4fo=' 'sha256-wzu1RpBUwI+iXFt/hYnNupmxuWXkAhGu/7+4x9+a3u8=' 'sha256-WFZ3vM77R/4qWGxy/kIL78kpf4KHTbhcDJOpvTjUFD0=' 'sha256-rCUtbyAPxDQrTU6vQQjzVWT5E0VA1rwdtSSs/bLyP+Q=' 'sha256-ig2gSGuwvxCgtLsWHcNrPPF5sIj6lL21HWjUhvv2UkQ=' 'sha256-3h7QcnJhiTySuwHoIHetcG35gH+Jx64UqNeJKilyEgQ=' 'sha256-1Yd7kVEyMb6IK+f9wICjxTHUF/ICfVAr3ehweMijky4=' 'sha256-mEt3+h6nWTomqE7ur5vUWvSElL+QQU1KBblg55D6joM=' 'sha256-ajkq0Fdfa4CRfh/wpYN+NdPpYlA1c1XWtcPkDegvr6I=' 'sha256-kqAM9/JT+fik9ZYrr3mdQAp+5wPctH2KSXNHR+j6UuM=' 'sha256-w0oD10mS64FrlHFP83wc/XSp5ZhLyG5vh9A7q1GUFqw=' 'sha256-Iex3qNgxTpidIR6Qub5QjK3f5+xTLusuXDrnhLS8x9U=' 'sha256-8Xd+ujF0s8o0rpLon0ee3ZpUYDQWZCD49n07C6XqKuQ=' 'sha256-wR9nnIz6Cpd2eCKSfA3sZwJoBic/SOGALDY9y+siCaw=' 'sha256-skqv+8BGucqXcTl2p9dBU7gHHB3EVya8rIvgsu7bjXA=' 'sha256-27jYwMrTM0r8m+BIKhIgv9vasr/D8nWlfELD2gVb6IU=' 'sha256-l0wkTPiVrN2n3WJZ88C9XMypcHt8S3xTs5UQindnt+k=' 'sha256-/ut/63kwS+XWRZglX6OPUSbcT9DTxTKhc6DShIOpToA=' 'sha256-2vvQm2DqnT/0diSLx11RMdv9vnFTc75cbwMeETkHyxs=' 'sha256-gng7C5PCrVZmgU6Ln8bx0swwO5tbzq82cnUfqqSurmk=' 'sha256-Nk67eWBxwLSvnyWVMV4pF5iMRkWReDBx576DS6UpSWM=';style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://geschenkidee.cloudflareaccess.com *.getback.ch https://cdnjs.cloudflare.com;frame-src 'self' payment.datatrans.biz payment.datatrans.swiss payment.datatrans2.biz https://bid.g.doubleclick.net *.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com/ https://gum.criteo.com https://geschenkidee.cloudflareaccess.com https://www.youtube.com https://www.google.com https://api.test.geschenkidee.ch;connect-src 'self' https://api.geschenkidee.ch https://www.google-analytics.com https://api.ideecadeau.ch https://track.bx-cloud.com https://geschenkidee.cloudflareaccess.com https://ct.pinterest.com https://s.pinimg.com https://www.facebook.com https://connect.facebook.net https://recommender.scarabresearch.com https://webchannel-content.eservice.emarsys.net https://recommender-eu.scarabresearch.com https://in.hotjar.com https://stats.g.doubleclick.net https://www.lacmp.net https://o501385.ingest.sentry.io https://vc.hotjar.io https://events.ocdn.eu https://csr.onet.pl *.getback.ch;img-src 'self' static.geschenkidee.ch data: https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com googleads.g.doubleclick.net https://geschenkidee.cloudflareaccess.com https://ct.pinterest.com https://s.pinimg.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://www.google.de *.onet.pl;font-src 'self' https://fonts.gstatic.com data: https://geschenkidee.cloudflareaccess.com https://script.hotjar.com https://cdnjs.cloudflare.com 1 object-src 'none';base-uri 'self';script-src 'nonce-cW89rhOfCRLpOiOPWiX3yw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; connect-src 'self' dc.services.visualstudio.com ssl.google-analytics.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com partner.testseek.com intranet.microk12.com middleman.microk12.com; font-src 'self' data: fonts.gstatic.com static.stockinthechannel.com; frame-src 'self' accounts.us.stockinthechannel.com app.powerbi.com ad.doubleclick.net bid.g.doubleclick.net www.youtube.com; frame-ancestors accounts.us.stockinthechannel.com; img-src * data:; media-src 'self' images.us.stockinthechannel.com media.stockinthechannel.com; manifest-src images.us.stockinthechannel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' accounts.us.stockinthechannel.com images.us.stockinthechannel.com static.stockinthechannel.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' static.stockinthechannel.com fonts.googleapis.com ajax.googleapis.com; report-uri https://stockchannel.report-uri.com/r/d/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-7mzJ64c9fh1P0xpVuh4XyQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.br *.licdn.com *.facebook.net *.crazyegg.com www.google.com *.doubleclick.net *.ads-twitter.com *.facebook.com *.twitter.com www.googletagmanager.com *.gstatic.com analytics.google.com adservice.google.com *.linkedin.com t.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-UMR5SZgPg6lX8oSG1NHOBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-WvVKxvyoNlElmpy509h3Tw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src maxcdn.bootstrapcdn.com *.fontawesome.com https://cdnjs.cloudflare.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.facebook.com platform.twitter.com https://www.youtube-nocookie.com https://maps.google.fr https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://*.bing.com https://*.google.fr https://*.google.com https://maps.googleapis.com https://maps.gstatic.com https://axeptio.imgix.net https://www.googletagmanager.com https://*.doubleclick.net https://favicons.axept.io 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com jquery.sellxed.com https://*.axept.io connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://*.googletagmanager.com https://maps.googleapis.com https://*.bing.com https://*.google.com https://*.google.fr https://*.doubleclick.net https://*.cloudflare.com/ https://www.gstatic.com https://www.googleapis.com https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.apptrian.com https://client.axept.io https://api.axept.io https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://www.facebook.com https://www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://*.m2.p74.dbm-local.com https://*.m2.p74.dbm-dev.com https://*.tendance-parfums.com 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com cdn.cookielaw.org w.sharethis.com *.facebook.net s.yimg.com sp.analytics.yahoo.com *.snapchat.com *.gstatic.com *.doubleclick.net *.tiktok.com www.opentable.ca connect.therecroom.com *.facebook.com *.brightcove.net *.linkedin.com *.googleapis.com apis.google.com www.google-analytics.com assets.adobedtm.com *.licdn.com www.google.ca cdn.otstatic.com files.therecroom.com sb.scorecardresearch.com *.msecnd.net dc.services.visualstudio.com ws.sharethis.com simplesharebuttons.com www.google.com edge.adobedc.net sc-static.net www.googletagmanager.com browser-update.org l.sharethis.com *.onetrust.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-9DZK7gw7mVANRglKQRQIvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google-analytics.com *.doubleclick.net cdnjs.cloudflare.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/adsense_google_com 1 frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://media.flixcar.com https://www.hirschs.co.za *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: http://js.klevu.com 'self' 'unsafe-inline'; style-src embed.tawk.to https://www.hirschs.co.za getfirebug.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: http://js.klevu.com 'self' 'unsafe-inline'; connect-src settings.luckyorange.net dpm.demdex.net lgelectronics.demdex.net www.facebook.com https://tr.snapchat.com https://settings.luckyorange.com https://maps.googleapis.com https://dc.services.visualstudio.com https://media.flixcar.com/ https://www.google.co.za/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.klevu.com *.ksearchnet.com *.testfreaks.com http://js.klevu.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: https://bam.nr-data.net 'self' 'unsafe-inline'; form-action www.googleadservices.com https://tr.snapchat.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src pixel.everesttech.net www.everestjs.net lgelectronics.demdex.net https://tr.snapchat.com https://tpc.googlesyndication.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; img-src pixel.everesttech.net cm.everesttech.net cm.g.doubleclick.net googleads.g.doubleclick.net https://widgets.payflex.co.za https://www.hirschs.co.za https://robincontentdesktop.blob.core.windows.net https://pagead2.googlesyndication.com https://static.addtoany.com https://hirschs.co.za widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com http://js.klevu.com https://www.facebook.com 'self' 'unsafe-inline'; script-src www.everestjs.net https://sc-static.net/ https://partpayassets.blob.core.windows.net/widgets/ppQuery-3.2.1.js https://widgets.payflex.co.za https://www.hirschs.co.za https://robincontentdesktop.blob.core.windows.net https://tpc.googlesyndication.com https://tools.luckyorange.com https://selfservice.robinhq.com https://az416426.vo.msecnd.net https://s-eu-1.pushpushgo.com https://prod.flixgvid.flix360.io secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com js.klevu.com *.ksearchnet.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network http://js.klevu.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://security-hub.vaimo.network/public/api/content-security-policy.php; report-to report-endpoint; 1 font-src 'self' fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.monsido.com *.google-analytics.com *.google.com *.gstatic.com; style-src-elem 'self' fonts.googleapis.com blob:; style-src 'self' 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com networkmap.metroinfo.co.nz; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net; img-src 'self' *.google.co.nz *.google.com *.google.com.au *.monsido.com; default-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-K_VrGH55YQSJaK-tRPiMxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 2l9u8tyqi4-flywheel.netdna-ssl.com; script-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com google-analytics.com www.google-analytics.com google.com www.google.com www.gstatic.com gstatic.com static.addtoany.com *.wistia.net *.wistia.com; style-src 'self' 'unsafe-inline' 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com stats.g.doubleclick.net google-analytics.com www.google-analytics.com embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; font-src 'self' data: 2l9u8tyqi4-flywheel.netdna-ssl.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io distillery.wistia.com; media-src * 'self' https://www.essvote.com; frame-src 'self' www.google.com google.com fast.wistia.net; 1 script-src 'self' 'unsafe-inline' cds-sdkcfg.onlineaccess1.com connect.facebook.net cdnjs.cloudflare.com static.addtoany.com maps.googleapis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googletagservices.com googletagservices.com adservice.google.com googleads.g.doubleclick.net use.typekit.net js-agent.newrelic.com www.google.com bam-cell.nr-data.net www.recaptcha.net www.gstatic.com info.autobooks.co fx.cathaybank.com; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com; frame-src 'self' static.addtoany.com ad.doubleclick.net www.youtube.com www.youtube-nocookie.com www.facebook.com www.recaptcha.net info.autobooks.co; report-uri /report-csp-violation 1 script-src 'self' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://static.ctctcdn.com https://translate.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://www.weps.org; script-src-elem 'self' 'unsafe-inline' translate.google.com www.google.com www.gstatic.com static.ctctcdn.com www.googletagmanager.com cdn.jsdelivr.net www.google-analytics.com translate.googleapis.com bam.nr-data.net js-agent.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.weps.org; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.weps.org; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com static.ctctcdn.com www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.fontawesome.com https://www.weps.org; frame-ancestors 'self' 1 default-src 'self'; form-action 'self'; frame-ancestors 'self'; script-src 'self' https://www.google-analytics.com; connect-src 'self'; object-src 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-l5VKLQ9kuhaOAxVkI-ToUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com *.facebook.net r2.dotmailer-surveys.com *.gstatic.com rules.quantcount.com www.google.com analytics.google.com secure.quantserve.com *.cloudinary.com prreqcroab.icu woodmizer.com apps.usw2.pure.cloud cdn1.affirm.com api-cdn.usw2.pure.cloud *.facebook.com tracker.affirm.com *.doubleclick.net www.googletagmanager.com api-cf.affirm.com r2.trackedweb.net bat.bing.com static.trackedweb.net *.googleadservices.com adservice.google.com woodmizer.ca vc.hotjar.io *.addthis.com *.googleapis.com www.affirm.com www.youtube.com form.jotform.com pixel.quantserve.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: lla.com imgsct.cookiebot.com cdn.jsdelivr.net www.google-analytics.com www.printfriendly.com *.googleapis.com consentcdn.cookiebot.com maxcdn.bootstrapcdn.com *.gstatic.com consent.cookiebot.com stackpath.bootstrapcdn.com cdn.printfriendly.com romanza-assets.s3.amazonaws.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-JXKntwLobsxOA7iTG7l0Lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-eAnDDrvG_g1MTSCuw4uV0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com blog.starfurniture.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com blog.starfurniture.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com blog.starfurniture.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com blog.starfurniture.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blog.starfurniture.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com blog.starfurniture.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com blog.starfurniture.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blog.starfurniture.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.affirm.com *.affirm.ca thm.visa.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com blog.starfurniture.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blog.starfurniture.com http: https: blob: 'self' 'unsafe-inline'; default-src blog.starfurniture.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_sBMyvsopE1LNNCr6H221g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-T/x/0rax5Mvz5tvfWEgZo7ZCwsBA6bRH/CkgQLdIQG4='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-LR0Ym5sOqRae2qnldb14zA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klarnacdn.net *.typekit.net *.akamaihd.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.liveperson.net *.pinterest.com *.vimeo.com *.lpsnmedia.net *.formstack.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.apptrian.com ct.pinterest.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com *.ctfassets.net *.placeholder.com *.photorank.me *.google.com *.quantserve.com *.ometria.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.pinterest.com s.pinimg.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com *.sharethis.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.bazaarvoice.com *.onetrust.com *.trustpilot.com *.ometria.com *.liveperson.net *.quantserve.com *.doubleclick.net *.lpsnmedia.net *.akamaihd.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.akamaihd.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com www.apptrian.com ct.pinterest.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com connect.facebook.net graph.facebook.com *.onetrust.com *.akamaihd.net *.googletagmanager.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src-elem *.braintreegateway.com *.strapworks.com *.paypal.com *.paypalobjects.com *.impactcdn.com analytics.tiktok.com *.klaviyo.com static.zdassets.com *.trustpilot.com connect.facebook.net bat.bing.com cdn.b0e8.com www.gstatic.com *.google-analytics.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com cdnjs.cloudflare.com *.google.com shareasale-analytics.com *.kaspersky-labs.com www.pagespeed-mod.com 10.171.234.234:15871 blancfox.com hublosk.com jullyambery.net *.amazonaws.com www.strapworks.com localhost:49506 translate.googleapis.com cdn.ghostaio.com *.hotjar.com m59.prod2016.com *.sentry-cdn.com floatingplayer.com payperclickadz.com milkpload.net localhost:6543 *.clarity.ms 10.28.66.1 data1.ursari.com static.hotjar.com www.paypalobjects.com *.akamaihd.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.googleapis.com cdnjs.cloudflare.com www.gstatic.com www.google.com pwm-image.trendmicro.com *.kaspersky-labs.com www.strapworks.com cdn.honey.io adblockers.opera-mini.net *.bootstrapcdn.com www.googletagmanager.com *.klaviyo.com 'self' 'unsafe-inline'; font-src *.fontawesome.com fonts.gstatic.com *.bootstrapcdn.com *.gstatic.com *.typekit.net use.typekit.net static.klaviyo.com static3.avast.com cdn.ivaws.com shopping.qantas.com cdn.honey.io assets.quadpay.com cdn.joinhoney.com *.amazonaws.com at.alicdn.com cdn.scite.ai themes.googleusercontent.com cdnjs.cloudflare.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com https://plumrocket.com *.authorize.net www.paypal.com www.sandbox.paypal.com *.paypal.com www.facebook.com www.strapworks.com connect.facebook.net 'self' 'unsafe-inline'; frame-ancestors www.strapworks.com 'self'; frame-src fast.amc.demdex.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com https://accounts.google.com *.paypal.com *.adobe.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com pay.google.com https://plumrocket.com *.google.com *.opendns.com *.authorize.net bid.g.doubleclick.net *.youtube-nocookie.com *.trustpilot.com *.braintreegateway.com *.paypalobjects.com www.youtube.com *.doubleclick.net *.facebook.com forms.office.com cj.dotomi.com ssl.kaptcha.com 10.171.234.234:15871 *.securly.com pwm-image.trendmicro.com apps.stifel.com static.klaviyo.com www.paypalobjects.com denied.schoolsbroadband.net filter.techloq.com 199.46.250.167:15871 199.46.196.165:15871 gateway.zscaler.net 199.46.251.175:15871 gateway.zscalertwo.net mozbar.moz.com vars.hotjar.com notify.bluecoat.com cdn.printfriendly.com 3.17.0.144:8443 fansaide.com gateway.zscloud.net floatingplayer.com cdn.exchmapdata.com api.greenadblocker.com gateway.zscalerthree.net login.zscalertwo.net cltfwdproxyf503:444 35.80.101.90:6080 blocked.syd-1.linewize.net portal.bitglass.com itclx36.ra.riteaid.us:15871 10.159.33.11:15871 192.168.1.219:15871 www.google.ca www.google.co.kr www.google.co.uk www.google.ae 192.168.240.81:15871 10.1.1.61:15871 mini.bijiatu.com 10.40.104.115:15871 199.46.250.164:15871 www.google.co.th www.google.co.il www.google.bs www.google.co.jp www.google.com.au www.google.com.mx ckf01.chino.k12.ca.us 'self' 'unsafe-inline'; img-src data: * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com vimeo.com www.vimeo.com www.googletagmanager.com includestest.ccdc02.com *.avada.io https://accounts.google.com *.google.com *.adobe.com www.googleapis.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ c.paypal.com pay.google.com *.paypal.com *.braintreegateway.com *.vimeo.com *.authorize.net g1386590346.co *.strapworks.com googleads.g.doubleclick.net analytics.google.com *.youtube.com https://www.gstatic.com *.trustpilot.com *.commerce-payment-services.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.paypalobjects.com static.zdassets.com cdn.b0e8.com connect.facebook.net bat.bing.com cdnjs.cloudflare.com shareasale-analytics.com tpc.googlesyndication.com widget-mediator.zopim.com 9kpxqu.3dl900.com bls4uz.0137mw.com awhof.z6airr.com cilkonlay.com hublosk.com jullyambery.net proxyerror.quad.com *.akamaihd.net fp166.digitaloptout.com qdatasales.com loungesrc.net *.hotjar.com fq1frg.a6rm7n.com gl9l2.x3hn2p.com gtj33.x3hn2p.com *.sentry-cdn.com *.printfriendly.com components.pearl.com 3h8wo.x3hn2p.com pmy9lv.a6rm7n.com block.opendns.com *.amazonaws.com 01k14.obzjc5.com i99f.a6rm7n.com b8cxq.jahk7c.com 10.251.1.123:15871 mabydick.com clinmaid.com *.klaviyo.com 0ta0l.ez05w7r.com *.clarity.ms 0j470.svn0czn.com www.google.com.ph j6j8xk.svn0czn.com polyfill.io 0b4ndqb.svn0czn.com f2y2n27.o0i7i3.com *.googleapis.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://accounts.google.com *.adobe.com unsafe-inline *.bootstrapcdn.com https://www.gstatic.com *.trustpilot.com fonts.googleapis.com cdnjs.cloudflare.com *.klaviyo.com *.googleapis.com cdn.honey.io logos.formetocoupon.com cdn.joinhoney.com hello.myfonts.net cdn.printfriendly.com pwm-image.trendmicro.com 'self' 'unsafe-inline'; object-src object.center 'self' 'unsafe-inline'; media-src *.adobe.com static.zdassets.com ssl.gstatic.com *.googlevideo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://accounts.google.com wss://widget-mediator.zopim.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.braintree-api.com *.google.com *.paypal.com *.braintreegateway.com https://get.geojs.io *.avada.io www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com ekr.zdassets.com *.klaviyo.com *.zendesk.com bat.bing.com *.facebook.com origin-analytics-sand.sandbox.braintree-api.com payments.sandbox.braintree-api.com localhost:49506 api.multiadblock.com api.vkanalytics.net *.amazonaws.com *.doubleclick.net hm.baidu.com *.akamaihd.net metriq.xyz b.1p1eqpotato.com api.smartblocker.org new229.com vc.hotjar.io translate.googleapis.com api.greenadblocker.com api.vid-adblocker.com m59.prod2016.com 1637314617.rsc.cdn77.org meetlookup.com cdnjs.cloudflare.com floatingplayer.com www.instagram.com api.freevideoguard.com o19233.ingest.sentry.io gjtrack.ucweb.com widget-mediator.zopim.com *.hotjar.com invitejs.trustpilot.com wss://*.hotjar.com rawjeansadvertising.com maintainance.poweradblocker.com *.clarity.ms ws://localhost:7784 360api.33445522.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src static.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.strapworks.com strapworks.zendesk.com vc.hotjar.io vars.hotjar.com *.clarity.ms 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-jLIoVraMg3pFqwyYJQOtjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox.api.payme.hsbc.com.hk *.gateway.mastercard.com *.google.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.sitejabber.com *.gstatic.com https://fonts.gstatic.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.amazonaws.com *.postcodeanywhere.co.uk *.cloudfront.net *.godaddy.com *.sitejabber.com *.sixityauto.com *.google-analytics.com *.facebook.com *.bing.com *.analytics.yahoo.com *.google.de *.wistia.com *.nexcesscdn.net https://helloextend-static-assets.s3.amazonaws.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.google-analytics.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de data.stats.tools *.googleadservices.com *.sitejabber.com *.searchspring.net *.capredict.com *.pcapredict.com *.godaddy.com *.addressy.com *.bing.com *.facebook.net *.yimg.com *.pepperjam.com *.attn.tv *.wistia.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.helloextend.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressy.com *.sitejabber.com *.searchspring.net *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.addressy.com *.searchspring.io *.sitejabber.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.analytics.google.com *.yimg.com *.attentivemobile.com *.attn.tv *.wistia.com *.litix.io *.amazonaws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com https://*.helloextend.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com https://js.klevu.com/klevu-css/* https://js.klevu.com/ *.klevu.com js.klevu.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' data: 'unsafe-inline' data: *.klarnacdn.net *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.braintreegateway.com *.google.com https://*.youtube.com www.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org https://viewer-whitelabel.shopfully.cloud https://www.tiendeo.co.nz *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com portal.sandbox.afterpay.com portal.afterpay.com *.weltpixel.com *.klarna.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.wesupply.xyz https://wesupplylabs.com *.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.gstatic.com *.sharethis.com maps.googleapis.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com https://img.youtube.com https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au www.facebook.com *.data-dynamic.net *.godfreys.com.au *.feefo.com *.fls.doubleclick.net *.google.com *.google.com.ph *.google.com.au *.shophumm.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.tvsquared.com *.bing.com *.hotjar.com *.quantserve.com *.criteo.com *.clarity.ms *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net connect.facebook.net graph.facebook.com business.facebook.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com maps.googleapis.com *.sharethis.com maps.gstatic.com fonts.googleapis.com *.klevu.com *.cloudflare.com *.fontawesome.com portal.afterpay.com *.gstatic.com *.google.com *.paypalobjects.com *.newrelic.com *.nr-data.net *.bronto.com *.barilliance.com *.barilliance.net *.cdn4.forter.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.cloudfront.net *.feefo.com *.shophumm.com.au *.livechatinc.com *.serving-sys.com *.googleapis.com *.clarity.ms *.criteo.net *.criteo.com *.as.criteo.com *.bing.com *.quantserve.com *.hotjar.com *.tvsquared.com *.quantcount.com *.adsrvr.org *.googlecommerce.com *.rmp.rakuten.com *.openpay.com.au https://js-agent.newrelic.com/nr-1208.min.js https://unpkg.com *.azureedge.net https://viewer-whitelabel.shopfully.cloud/scripts/v1/init.min.js *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com x.klarnacdn.net portal.sandbox.afterpay.com *.klarna.com *.klarnaservices.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.ddlnk.net debug-tracking.dotdigital.internal www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.klevu.com *.ksearchnet.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.feefo.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.cloudflare.com *.paypal.com *.braintree-api.com *.braintreegateway.com https://*.cloudfront.net https://*.zip.co *.nr-data.net *.forter.com wss://cdn0.forter.com *.google-analytics.com *.googleapis.com *.feefo.com *.serving-sys.com *.clarity.ms *.hotjar.com *.g.doubleclick.net *.hotjar.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.barilliance.net https://sslwidget.criteo.com https://socialplugin.facebook.net www.facebook.com https://prod-api-v1-widgets.azurewebsites.net wss://prod-eh-v1-analytics.servicebus.windows.net https://api.amplitude.com x.klarnacdn.net portal.sandbox.afterpay.com portal.afterpay.com *.adsrvr.org *.klarnaevt.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaservices.com *.klevu.com *.ksearchnet.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-8ULQysKDnyqY-80RurZZkw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.gstatic.com 'self' data: *.doubleclick.net *.sensefuel.live *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.fatherandsons.fr www.facebook.com tr.snapchat.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com/ *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com secure-gateway.hipay-tpp.com *.hipay.com www.fatherandsons.fr *.facebook.com tr.snapchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net/ validate.fishpig.co.uk *.google.fr lb.analytics.advalo.com tr.snapchat.com axeptio.imgix.com axeptio.imgix.net googleads.g.doubleclick.net www.googletagmanager.com sst.fatherandsons.fr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.google.fr *.googletagmanager.com *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com secure-gateway.hipay-tpp.com *.hipay-tpp.com mpsnare.iesnare.com *.google.com *.gstatic.com *.cloudfront.net *.imgix.net *.iesnare.com *.hipay.com *.googleapis.com sc-static.net *.axept.io lb.analytics.advalo.com js-agent.newrelic.com bam-cell.nr-data.net *.nr-data.net api.socloz.com *.sensefuel.live https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.googleapis.com *.doubleclick.net cdn.dnky.co webchat.dotdigital.com *.hipay.com *.sensefuel.live *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.hipay.com wss://mpsnare.iesnare.com *.axept.io stats.g.doubleclick.net ws.advalo.com tr.snapchat.com www.facebook.com bam-cell.nr-data.net www.googletagmanager.com maps.googleapis.com *.nr-data.net *.sensefuel.live api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.incomm.com www.google-analytics.com www.googletagmanager.com ssl.google-analytics.com www.memberedelivery.com *.gstatic.com ssl.kaptcha.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: apps.mypurecloud.com *.doubleclick.net www.google-analytics.com www.googletagmanager.com *.facebook.com use.typekit.net js.alpixtrack.com *.gstatic.com alpixtrack.com stackpath.bootstrapcdn.com ka-p.fontawesome.com cdnjs.cloudflare.com p.typekit.net *.adsrvr.org *.facebook.net code.jquery.com *.tvsquared.com widgets.hive.genesys.com chat.forumcu.com *.cloudfront.net kit.fontawesome.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src data: fonts.gstatic.com static.zipmoney.com.au v2.zopim.com *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com magento2.avada.io secure.ewaypayments.com secure-au.sandbox.ewaypayments.com youtube.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com site-assets.afterpay.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudfront.net www.google.com www.google.com.au www.googletagmanager.com cdn.klarna.com www.magentocommerce.com zip.co static.zipmoney.com.au v2.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com t.zip.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com widget.freshworks.com m2epro.freshdesk.com secure.ewaypayments.com static.zdassets.com static.zipmoney.com.au v2.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com widget.freshworks.com m2epro.freshdesk.com stats.g.doubleclick.net ekr.zdassets.com *.zip.co *.zipmoney.com.au wss://widget-mediator.zopim.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'report-sample' 'self' https://www.clarity.ms/tag/dc7gdfaxdm https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://w.clarity.ms https://www.google-analytics.com; font-src 'self' https://fast.fonts.net; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self' https://player.vimeo.com; worker-src 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-VthlQWH5X2KijWVxr814MA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com/ https://consentcdn.cookiebot.com/ *.doubleclick.net *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.facebook.com/ https://www.google.com/ https://cdn.klarna.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://fp-b2c.farmaciasportuguesas.pt/ *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io https://www.google.com/recaptcha/ https://www.gstatic.com/ https://js-agent.newrelic.com/ https://www.googletagmanager.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net/ https://connect.facebook.net/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://maps.googleapis.com/ *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com/ https://ct.pinterest.com/ https://bam-cell.nr-data.net/ https://bam.nr-data.net https://consentcdn.cookiebot.com/ *.doubleclick.net *.google.com *.openstreetmap.org yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.fontawesome.com *.fonts.googleapis.com *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://developer.adobe.com https://magento.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com unsafe-inline *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://developer.adobe.com https://cdn.avmws.com/ http://cdn.avmws.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-mrXTVjWvdWWttkrcERIZCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 base-uri 'self' ; connect-src 'self' https://www.google-analytics.com google-analytics.com analytics.google.com https://stats.g.doubleclick.net https://bam.nr-data.net https://bam-cell.nr-data.net https://s.cadent.bloomberglaw.com https://a.blaw.com/2/httpapi https://dpm.demdex.net https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://*.px-cloud.net https://collector-pxwjdtmg7v.pxchk.net flo.uri.sh https://www.bbthat.com; default-src 'self' https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com; form-action 'self' https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://platform.twitter.com https://syndication.twitter.com; img-src 'self' data: https://www.google.com/ads/ga-audiences https://www.google-analytics.com/collect https://dpm.demdex.net https://cm.everesttech.net https://bloomberg-bna-brightspot-lower.s3.amazonaws.com https://db0ip7zd23b50.cloudfront.net https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://*.googlesyndication.com https://www.google.com/ads/measurement/ https://googleads.g.doubleclick.net/pagead/interaction/ https://storymaps.arcgis.com https://public.flourish.studio https://cdn.knightlab.com https://megaphone.imgix.net https://www.omnycontent.com public.flourish.studio https://syndication.twitter.com; sandbox 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com/analytics.js https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com 'nonce-2726c7f26c' https://www.googletagservices.com https://*.googlesyndication.com http://client.px-cloud.net public.flourish.studio https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com googletagmanager.com www.googletagmanager.com 'nonce-envVars' 'nonce-tophat' 'nonce-apollo'; report-uri https://news-api.bloomberglaw.com/v1/report/csp; frame-src https://bureauofnationalaffairs.demdex.net https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://*.googlesyndication.com https://www.google.com/ https://storymaps.arcgis.com https://public.flourish.studio https://cdn.knightlab.com https://www.youtube-nocookie.com https://playlist.megaphone.fm https://player.megaphone.fm https://players.brightcove.net https://www.youtube.com https://www.omnycontent.com https://platform.twitter.com https://syndication.twitter.com; frame-ancestors https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com; media-src https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com https://playlist.megaphone.fm https://player.megaphone.fm https://players.brightcove.net https://www.omnycontent.com; style-src https://*.bgov.com https://*.bna.com https://*.bindg.com https://*.bnanews.bna.com https://*.bloomberg.com https://*.bloombergbna.com https://*.bloombergindustry.com https://*.bloomberglaw.com https://*.bloombergtax.com 'self' 'unsafe-inline' https://assets.bwbx.io https://fonts.googleapis.com; font-src 'self' https://assets.bwbx.io https://fonts.googleapis.com https://fonts.gstatic.com; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-neOgthEPM/nB1e6+iJnsdwSjkDQbsPYaUJ/8ytL+YiE='; base-uri 'self';report-to csp-endpoint 1 default-src 'self'; img-src * 1 connect-src 'self' https://evt.klarna.com https://www.google-analytics.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.googletagmanager.com https://www.google.fi http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io:* https://surveystats.hotjar.io https://bam.nr-data.net *.bing.com wss://*.bing.com *.clarity.ms https://www.facebook.com https://site-gw.triggerbee.com https://widget-resources.triggerbee.com *.swogo.net https://js.testfreaks.com https://production.depict-api.com https://api.depict.ai https://checkout-uat.collector.se https://checkout.collector.se https://api.checkout.uat.walleydev.com https://api.checkout.walleypay.com https://walleypay.com *.zdassets.com *.zopim.com *.zendesk.com wss://*.zopim.com *.sync.ksync.fi *.ksync.k-rauta.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net *.via.placeholder.com *.google.com *.google.se *.google.no *.google.fr *.google.co.uk *.google.ru *.google.de *.google.es *.google.dk *.google.nl *.sync.kesko.fi https://survey.feedbackly.com https://mvalue-stage.mvoucher.se https://mvalue.mvoucher.se https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id *.optimizely.com; img-src 'self' data: https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com *.keskofiles.com http://public-qa.keskofiles.com *.imgix.net *.klarna.com https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com images.contentful.com images.ctfassets.net https://script.hotjar.com http://script.hotjar.com https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com https://keskoanalytics.s3.eu-central-1.amazonaws.com https://maps.googleapis.com *.bing.com *.microsoft.com https://www.facebook.com https://img.youtube.com https://pixel.quantserve.com https://assets.triggerbee.com https://widget-resources.triggerbee.com *.visualwebsiteoptimizer.com *.swogo.net *.images.testfreaks.com https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.io *.sync.ksync.fi *.via.placeholder.com https://www.pricerunner.se *.sync.kesko.fi *.vumbnail.com https://cert.tryggehandel.net; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com http://static.hotjar.com https://static.hotjar.com http://script.hotjar.com https://script.hotjar.com *.swogo.net *.cloudfront.net *.googleoptimize.com *.sync.ksync.fi https://sync.kesko.fi https://cert.tryggehandel.net; frame-src 'self' *.klarna.com *.doubleclick.net https://vars.hotjar.com *.youtube.com *.youtu.be https://booking.brenderuprental.com https://utm.keskoanalytics.com/ https://keskoanalytics.s3.eu-central-1.amazonaws.com sdx.microsoft.com https://www.facebook.com https://form.jotform.com https://checkout-uat.collector.se https://checkout.collector.se https://checkout.uat.walleydev.com https://checkout.walleydev.com https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi https://sync.ksync.fi https://widget.trustpilot.com *.vimeo.com https://cert.tryggehandel.net https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id *.optimizely.com; style-src 'self' 'unsafe-inline' blob: https://tagmanager.google.com https://fonts.googleapis.com *.analytics.google.com *.googletagmanager.com https://keskoanalytics.s3.eu-central-1.amazonaws.com *.bing.com https://assets.triggerbee.com https://widget-resources.triggerbee.com *.cloudfront.net https://optimize.google.com *.googleoptimize.com https://sync.kesko.fi; script-src 'self' 'unsafe-inline' *.k-rauta.se https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com *.keskofiles.com *.klarnacdn.net https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com http://tagmanager.google.com *.doubleclick.net https://www.googleadservices.com *.analytics.google.com *.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://static.hotjar.com http://script.hotjar.com *.script.hotjar.com 'unsafe-eval' https://js-agent.newrelic.com https://bam.nr-data.net *.youtube.com *.youtu.be https://keskoanalytics.s3.eu-central-1.amazonaws.com https://scjc708q0d.execute-api.eu-west-1.amazonaws.com https://bat.bing.com https://r.bing.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://t.myvisitors.se https://api.triggerbee.com https://widget-resources.triggerbee.com *.visualwebsiteoptimizer.com *.swogo.net *.cloudfront.net *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com https://checkout-uat.collector.se https://checkout.collector.se https://api.checkout.uat.walleydev.com https://api.checkout.walleypay.com https://walleypay.com https://optimize.google.com www.googleoptimize.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.kesko.fi *.kesko.se *.sync.ksync.fi inpref.com *.inpref.com https://d2wzl9lnvjz3bh.cloudfront.net fi1.frosmo.com *.fi1.frosmo.com https://d2oarllo6tn86.cloudfront.net *.k-rauta.fi https://widget.trustpilot.com https://sync.kesko.fi https://cert.tryggehandel.net https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id https://scandit.com https://ssl.scandit.com; style-src-elem 'self' 'unsafe-inline' *.k-rauta.se https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com https://optimize.google.com *.googleoptimize.com *.sync.ksync.fi *.k-rauta.fi https://sync.kesko.fi; script-src-elem 'self' 'unsafe-inline' *.k-rauta.se https://k-rauta-se-web-prod.s3.eu-west-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com *.googletagmanager.com https://ssl.gstatic.com *.doubleclick.net https://www.gstatic.com https://www.google.se https://www.google.fi https://www.google.com *.analytics.google.com *.bing.com *.clarity.ms https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://t.myvisitors.se https://assets.triggerbee.com https://widget-resources.triggerbee.com *.swogo.net *.cloudfront.net *.r.testfreaks.com https://js.testfreaks.com https://cr.testfreaks.com https://code.jquery.com https://optimize.google.com *.googleoptimize.com *.zdassets.com *.zopim.com *.zendesk.com *.k-rauta.fi https://widget.trustpilot.com https://sync.kesko.fi https://survey.feedbackly.com https://cert.tryggehandel.net https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id *.optimizely.com *.bidtheatre.com; media-src videos.contentful.com videos.ctfassets.net *.zdassets.com; child-src https://vars.hotjar.com; frame-ancestors https://se-krauta-b2c-dev.eu.auth0.com https://se-krauta-b2c-qa.eu.auth0.com https://se-krauta-b2c-prod.eu.auth0.com https://cyclone-se-test.criipto.id https://cyclone-se-3.criipto.id https://kesko-se.criipto.id; report-uri https://www.k-rauta.se/csp-report; 1 object-src 'none';base-uri 'self';script-src 'nonce-xd9ixOlYV9P0dAN5RxQ_Hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-2GSRP2hiZnw19HYoFmZzBQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; object-src 'none'; worker-src 'none'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' 'report-sample' https://braze-images.com; frame-src 'self' https://classroom.google.com https://form.typeform.com https://*.clickviewapp.com; media-src 'self' https://*.clickviewapp.com; img-src 'self' data: https://*.clickviewapp.com https://cdn.usefathom.com https://*.trackjs.com https://www.googletagmanager.com https://maps.googleapis.com https://braze-images.com; connect-src 'self' https://*.clickview.com.au https://*.clickview.co.uk https://*.clickview.us wss://*.clickview.com.au wss://*.clickview.co.uk wss://*.clickview.com.au wss://*.clickview.us https://*.clickviewapp.com wss://*.clickviewapp.com https://*.trackjs.com https://maps.googleapis.com wss://*.vivi.io https://*.clickviewlocalcache.com:9055 https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.clickview.com.au https://cdn.usefathom.com https://www.googletagmanager.com https://apis.google.com https://maps.googleapis.com https://teams.microsoft.com https://braze-images.com; base-uri 'none'; form-action 'self'; frame-ancestors https:; report-to default; report-uri https://www.clickview.net/_diagnostics/csp; upgrade-insecure-requests 1 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-ancestors *.hana.ondemand.com 'self'; style-src cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src g.clarity.ms maps.googleapis.com a.clarity.ms f.clarity.ms geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; frame-src 11198720.fls.doubleclick.net/ bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src c.clarity.ms/c.gif c.bing.com widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com data: 'self' 'unsafe-inline'; script-src www.clarity.ms a.clarity.ms/s/0.6.34/clarity.js e.clarity.ms/s/0.6.34/clarity.js l.clarity.ms/s/0.6.34/clarity.js k.clarity.ms/s/0.6.34/clarity.js h.clarity.ms/s/0.6.34/clarity.js i.clarity.ms/s/0.6.34/clarity.js f.clarity.ms/s/0.6.34/clarity.js j.clarity.ms/s/0.6.34/clarity.js d.clarity.ms/s/0.6.34/clarity.js geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com js.klevu.com *.ksearchnet.com *.avada.io *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.klevu.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za www.gstatic.com connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' data:; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com www.google-analytics.com *.googleapis.com static.ads-twitter.com connect.facebook.net snap.licdn.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com analytics.twitter.com static.zdassets.com cdn.jsdelivr.net mstat.acestream.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.dashly.app *.adroll.com openfpcdn.io https://fpcdn.io platform.twitter.com https://appleid.cdn-apple.com https://accounts.google.com/gsi/client; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com https://accounts.google.com/gsi/style; img-src 'self' data: https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.dashly.app at.alicdn.com; connect-src 'self' www.google-analytics.com *.googleapis.com www.facebook.com stats.g.doubleclick.net www.google.com copybet.zendesk.com ekr.zdassets.com sentry.copybet.com mc.yandex.ru http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.dashly.app wss://*.dashly.app https://adservice.google.com o895193.ingest.sentry.io stats.g.doubleclick.net d.adroll.com *.openfpcdn.io https://*.fptls.com/ https://*.api.fpjs.io https://fpjscdn.net https://*.fptls2.com https://*.linkedin.oribi.io https://accounts.google.com/gsi/; frame-src 'self' www.google.com pay.skrill.com test-api.sumsub.com api.sumsub.com bid.g.doubleclick.net stats.g.doubleclick.net www.facebook.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io platform.twitter.com https://accounts.google.com/gsi/; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.gstatic.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com *.nosto.com *.nos.to *.sharethis.com *.addthis.com *.moatads.com *.mastercard.com *.paypal.com *.livechatinc.com *.vimeo.com *.pinterest.com/ *.doubleclick.net *.adsrvr.org *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://img.youtube.com *.nosto.com *.nos.to *.zipmoney.com.au *.gstatic.com *.googleapis.com beaumont-tiles.com.au *.beaumont-tiles.com.au *.google.com *.adnxs.com *.pinterest.com *.ggpht.com *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com s7.addthis.com *.nosto.com *.nos.to *.sharethis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.newrelic.com *.nr-data.net *.mastercard.com *.zipmoney.com.au *.livechatinc.com *.roomvo.com *.pinimg.com *.serving-sys.com *.adsrvr.org *.adnxs.com *.zip.co *.trustpilot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.bootstrapcdn.com *.cloudflare.com *.typekit.net *.googleapis.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com ekr.zdassets.com/ *.nosto.com *.nos.to *.demdex.net *.sharethis.com *.addthis.com *.nr-data.net *.zipmoney.com.au *.zip.co *.paypal.com *.livechatinc.com *.google-analytics.com *.serving-sys.com *.pinterest.com maps.googleapis.com *.doubleclick.net *.roomvo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ; report-uri /WebResource.axd?cspReport=true; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com matomoembraceklantportaal.azurewebsites.net; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com ws://portaal.nl matomoembraceklantportaal.azurewebsites.net; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com ; frame-ancestors 'self' ; 1 connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bnp-privacy.my.onetrust.com https://quotes.bnpparibasmarkets.be https://quotes.bnpparibasmarkets.ch https://quotes.produitsdebourse.bnpparibas.fr https://quotes.bnpparibasmarkets.nl https://quotes.varant.bnpparibas.com.tr https://cdn.cookielaw.org https://cib.sc.omtrdc.net https://geolocation.onetrust.com https://in.hotjar.com https://stats.g.doubleclick.net https://syndication.twitter.com https://vc.hotjar.io https://web-sdk-eu.aptrinsic.com https://www.google-analytics.com https://www.youtube-nocookie.com wss://websockets.bnpparibasmarkets.be wss://websockets.bnpparibasmarkets.ch wss://websockets.produitsdebourse.bnpparibas.fr wss://websockets.bnpparibasmarkets.nl wss://websockets.varant.bnpparibas.com.tr; default-src 'self'; frame-ancestors 'self' https://*.rewardsatwork.be https://www.iex.nl; frame-src 'self' https://forms.klug-newmedia.de https://platform.twitter.com https://syndication.twitter.com https://vars.hotjar.com https://www.youtube.com/iframe_api https://www.youtube-nocookie.com; script-src 'self' https://*.googletagmanager.com https://assets.adobedtm.com https://bnp-privacy.my.onetrust.com https://cdn.cookielaw.org https://cdn.syndication.twimg.com https://cib.sc.omtrdc.net https://platform.twitter.com https://script.hotjar.com https://static.hotjar.com https://storage.googleapis.com https://www.youtube.com 'sha256-d26KPbO5JnCveBSpn7HS2ZGhVyD0bECnt3+OlmLV/RY=' 'sha256-hbsKiu0kqNRj+jtfXhSDeqmNwcqBsLKek9UU5mU2Vms=' 'nonce-VbPO2/tsrXZcraoKF8UcPENmZUfpn+iL3bENg51aXrQ='; report-uri https://vicompany.report-uri.com/r/d/csp/reportOnly; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com *.gstatic.com www.google-analytics.com *.facebook.net *.facebook.com www.google.com www.youtube.com mc.yandex.ru www.google.az www.googletagmanager.com img.youtube.com *.doubleclick.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://cdn.livechatinc.com https://secure.livechatinc.com https://fonts.google.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://secure.livechatinc.com https://widget.trustpilot.com https://consentcdn.cookiebot.com https://www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.feedoptimise.com cdn.feedoptimise.com *.amazonaws.com maps.gstatic.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://cdn.livechat-files.com/ https://bat.bing.com https://www.google.co.uk https://s.ytimg.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com widget.freshworks.com m2epro.freshdesk.com www.feedoptimise.com cdn.feedoptimise.com maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com https://widget.trustpilot.com https://bat.bing.com https://script.thisisbeacon.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdnjs.cloudflare.com https://js-agent.newrelic.com https://bam.nr-data.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.livechatinc.com https://secure.livechatinc.com https://cdn.livechat-static.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com ws.postcoder.com https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com https://v5api.thisisbeacon.com https://consentcdn.cookiebot.com https://bam.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src https://api.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://youtube.com https://google.com https://fonts.google.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'none'; object-src 'none'; script-src https://overgrow.com/logs/ https://overgrow.com/sidekiq/ https://overgrow.com/mini-profiler-resources/ https://overgrow.com/assets/ https://overgrow.com/brotli_asset/ https://overgrow.com/extra-locales/ https://overgrow.com/highlight-js/ https://overgrow.com/javascripts/ https://overgrow.com/plugins/ https://overgrow.com/theme-javascripts/ https://overgrow.com/svg-sprite/ 'report-sample' https://grower.cz/piwik/piwik.js https://js.stripe.com/v3/ https://assets.mantisadnetwork.com/mantodea.min.js https://ecs.mantisadnetwork.com/website/ads 'sha256-9MdCJGZqoXb6/d816rvLgJt14oUMkZptgCfncCZfl5k=' https://direct.mantisadnetwork.com/website/ads https://ad.doubleclick.net https://tags.crwdcntrl.net https://tags.crwdcntrl.net/* https://ad.doubleclick.net/*; worker-src 'self' https://overgrow.com/assets/ https://overgrow.com/brotli_asset/ https://overgrow.com/javascripts/ https://overgrow.com/plugins/; report-uri https://overgrow.com/csp_reports 1 object-src 'none';base-uri 'self';script-src 'nonce-yoFbDvNWgXVOrckgrhUyKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src * blob:; media-src * blob:; frame-src * blob: navigate:; worker-src 'self' blob:; frame-ancestors https://commentsold.com dashboard.popshop.live dashboard.dev.popshop.live; form-action 'self' www.facebook.com tr.snapchat.com pos.commentsold.com; object-src 'none'; manifest-src *; child-src 'self' blob:; report-uri https://o43862.ingest.sentry.io/api/239693/security/?sentry_key=deb2fc6b7d104f7ea6241356c26c14d0 1 script-src 'sha256-/Lv75OFGUbV9zQUFKPOvBD7barOFbXvnecq4YWVTmN4=' 'self' 'self' *.empregoligado.net *.levee.com *.empregoligado.com.br static.zdassets.com analytics.tiktok.com *.facebook.net *.singular.net *.google-analytics.com *.cloudflareinsights.com *.hotjar.com *.googletagmanager.com www.termsfeed.com googleads.g.doubleclick.net www.googleadservices.com cdnjs.cloudflare.com www.cookieconsent.com analytics.trovit.com convcdn.indeed.tech; connect-src 'self' *.empregoligado.net *.levee.com *.empregoligado.com.br *.zdassets.com *.zendesk.com *.sentry.io sentry.io *.hotjar.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.cloudflareinsights.com *.facebook.net *.facebook.com www.cookieconsent.com www.termsfeed.com fonts.googleapis.com googleads.g.doubleclick.net www.googleadservices.com *.google-analytics.com analytics.google.com analytics.tiktok.com unleash.levee.com.br fonts.gstatic.com www.google.com www.google.com.br *.appspot.com stats.g.doubleclick.net *.singular.net api.amplitude.com api-js.mixpanel.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; style-src 'self' *.levee.com *.empregoligado.net *.empregoligado.com.br 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; font-src 'self' *.levee.com *.empregoligado.net *.empregoligado.com.br fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' form.typeform.com *.facebook.com *.doubleclick.net; img-src 'self' data: *.levee.com *.empregoligado.net *.empregoligado.com.br empregoligado-production-images.s3.amazonaws.com *.google-analytics.com *.singular.net *.appspot.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.facebook.net *.facebook.com www.cookieconsent.com www.termsfeed.com fonts.googleapis.com googleads.g.doubleclick.net www.googleadservices.com analytics.tiktok.com unleash.levee.com.br fonts.gstatic.com www.google.com www.google.com.br www.google-analytics.com stats.g.doubleclick.net api.amplitude.com api-js.mixpanel.com; media-src 'self' *.levee.com *.empregoligado.net *.empregoligado.com.br 1 object-src 'none';base-uri 'self';script-src 'nonce-RfhGIjyYvU7o3vSuNEK40w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-pLodOM45pc5vvRNfyqdlLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-831d5183749c34a4a63c84103358071c060599d9' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com widgets.trustedshops.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cleverreach.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.facebook.com https://cdn.consentmanager.net https://delivery.consentmanager.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.cloudfront.net *.google.de *.google.com *.facebook.com https://widgets.trustedshops.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://b.delivery.consentmanager.net *.sooqr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://connect.facebook.net https://widgets.trustedshops.com https://cognito-identity.eu-central-1.amazonaws.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://b.delivery.consentmanager.net *.sooqr.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com widgets.trustedshops.com *.fontawesome.com *.sooqr.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://region1.google-analytics.com https://cognito-identity.eu-central-1.amazonaws.com https://cdn1.api.trustedshops.com https://cdn.consentmanager.net https://delivery.consentmanager.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri https://65ca64ee7b1c737c892f5dd1.endpoint.csper.io?v=0; form-action 'self'; frame-ancestors 'none'; object-src 'none'; frame-src 'self'; worker-src 'none'; manifest-src 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1 connect-src 'self' https://s.yimg.com https://rtr.innovid.com https://*.yahoo.com https://*.oath.com https://*.media.net https://*.advertising.com https://*.cdn.yimg.com https://*.yahoo.net https://ad.doubleclick.net; style-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yimg.com https://*.yahoo.com 'self' 'unsafe-inline' data: blob:; script-src https://*.btrll.com https://cdn.cmp.advertising.com https://*.oath.com https://*.yahoo.com https://*.yimg.com 'self' 'unsafe-inline' https://platform.twitter.com https://*.btrll.com data: blob:; img-src 'self' data: blob: about: https://*.yimg.com https://*.yahoo.com https://sb.scorecardresearch.com https://*.doubleclick.net https://*.adsafeprotected.com https://*.googlesyndication.com; frame-ancestors https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.huffingtonpost.com https://www.aol.com https://*.yahoo.com https://*.autoblog.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com ; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=US&lang=en-US&device=desktop&yrid=68n16upj09i4o&partner=; 1 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.facebook.com *.paypal.com *.paypalobjects.com *.braintreegateway.com storage.googleapis.com *.livechatinc.com *.kaptcha.com *.doubleclick.net *.instagram.com sibautomation.com *.brevo.com cutlistevo.com *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.google.com *.google.co.uk paypal-eu-arh.cloudiq.com *.paypal.com *.bing.com *.googletagmanager.com *.cloudfront.net *.yotpo.com *.clarity.ms *.luckyorange.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.livechatinc.com *.facebook.net *.bing.com googleads.g.doubleclick.net paypal-eu-cdn.cloudiq.com *.paypal.com *.cloudfront.net *.craftyclicks.co.uk *.luckyorange.com *.clarity.ms *.qeryz.net *.instagram.com *.debugbear.com *.sendinblue.com sibautomation.com *.brevo.com https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.js *.trustpilot.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.cloudfront.net *.luckyorange.com *.myfonts.net *.stackpathcdn.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com stats.g.doubleclick.net *.luckyorange.com settings.luckyorange.net wss://realtime.luckyorange.com wss://visitors.live wss://in.visitors.live *.facebook.com *.paypal.com *.clarity.ms qeryz.com *.googleapis.com *.googlesyndication.com *.brevo.com *.debugbear.com *.growthbook.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://rootbg.report-uri.com/r/d/csp/reportOnly 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.doubleclick.net *.onetrust.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.mollie.com *.ctfassets.net *.arvesta.eu *.google.be *.adnxs.com *.bing.com *.gstatic.com *.googleapis.com *.cookielaw.org *.facebook.com *.clarity.ms *.onetrust.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.mollie.com *.hotjar.com *.googleoptimize.com *.bing.com *.facebook.net *.adnxs.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.clarity.ms *.googleapis.com *.npmcdn.com *.convertexperiments.com *.cookielaw.org *.onetrust.com *.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.typekit.net *.npmcdn.com tagmanager.google.com fonts.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.cookielaw.org *.analytics.google.com *.doubleclick.net *.clarity.ms gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.googleapis.com *.npmcdn.com *.hotjar.com *.onetrust.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' *.williamdam.dk *.skybooks.dk *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.google.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.viabill.com *.trustpilot.com *.clarity.ms *.bing.com *.facebook.net *.facebook.com *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com *.jquery.com *.bog.nu *.w3.org *.schema.org *.postnord.com *.postnord.dk *.pubhub.dk; report-uri /csp_report.php 1 object-src 'none';base-uri 'self';script-src 'nonce-eIqREMhXddAE5Z_QSBUmSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'none';object-src 'none';base-uri 'none';frame-src 'self' https://www.facebook.com https://www.google.com https://*.googlesyndication.com https://player.vimeo.com https://*.doubleclick.net https://*.surveypal.com https://www.youtube.com;default-src 'unsafe-eval' 'unsafe-inline' 'self' data: https: 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.qualtrics.com *.siteintercept.qualtrics.com *.yul1.qualtrics.com; object-src 'self'; base-uri 'none'; worker-src 'self' blob:; frame-ancestors 'self' https://*.skandia.co https://*.skandia.com.co https://skandia.co https://skandia.com.co; upgrade-insecure-requests 1 font-src data: *.gstatic.com oct8necdneu.azureedge.net *.klarnacdn.net *.hspvst.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.hspvst.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com *.hspvst.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.langshop.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.vimeo.com *.oct8ne.com *.cookiebot.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hspvst.com *.doubleclick.net *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.ggpht *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.rawgit.com *.jsdelivr.net *.hspvst.com hspvst.com *.w55c.net w55c.net hotjar.com *.hotjar.com *.arkeero.net *.kelkoogroup.net *.mailchimp.com adroll.com *.adroll.com *.mmgo.io awin.com motionmailapp.com google.pt *.google.pt *.bidswitch.net *.outbrain.com *.openx.net *.rubiconproject.com *.pubmatic.com *.yahoo.com *.taboola.com *.adnxs.com *.3lift.com *.casalemedia.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hspvst.com hspvst.com *.w55c.net w55c.net hotjar.com *.hotjar.com *.arkeero.net *.kelkoogroup.net *.mailchimp.com *.amazonaws.com adroll.com *.adroll.com *.mmgo.io awin.com motionmailapp.com *.kk-resources.com *.stripe.com klarna.com *.klarnaevt.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.googleapis.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.googletagmanager.com *.hspvst.com hspvst.com *.w55c.net w55c.net *.arkeero.net *.kelkoogroup.net *.mailchimp.com adroll.com *.adroll.com *.mmgo.io awin.com motionmailapp.com 'self' 'unsafe-inline'; object-src *.hspvst.com 'self' 'unsafe-inline'; media-src *.adobe.com *.hspvst.com 'self' 'unsafe-inline'; manifest-src *.hspvst.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.cookiebot.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.hspvst.com *.adroll.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.hspvst.com http: https: blob: 'self' 'unsafe-inline'; default-src *.hspvst.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.hspvst.com 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com fonts.googleapis.com *.fontawesome.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com ggmmoebel.com www.ggmmoebel.com *.facebook.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com media.ggmmoebel.com *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com *.facebook.com *.pinterest.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com media.ggmmoebel.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com https://images.unsplash.com *.bing.com *.smarketer.de *.pinimg.com *.facebook.com *.pinterest.com *.facebook.net *.google.de *.hotjar.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.adyen.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ media.ggmmoebel.com *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com cdn.jsdelivr.net *.avada.io www.youtube.com *.bing.com *.smarketer.de *.pinimg.com *.facebook.com *.facebook.net *.hotjar.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com backend.ggmmoebel.com ggmmoebel.com www.ggmmoebel.com cdn.jsdelivr.net *.fontawesome.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.paypalobjects.com *.klarnaservices.com *.klarnacdn.net *.google.com google.com widget.freshworks.com m2epro.freshdesk.com ggmmoebel.com www.ggmmoebel.com https://get.geojs.io *.avada.io stats.g.doubleclick.net *.google-analytics.com *.pinterest.com *.smarketer.de *.facebook.com *.hotjar.com *.googlesyndication.com service.force.com *.salesforceliveagent.com *.my.salesforce-sites.com 'self' 'unsafe-inline'; child-src media.ggmmoebel.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; report-uri https://csp.loopia.se;form-action 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://bib.eway2pay.com https://ticket.siriusit.net https://payment.architrade.com https://www.facebook.com;font-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://tpc.googlesyndication.com https://fonts.gstatic.com https://chat.puzzel.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com;connect-src 'self' https://chat.puzzel.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.facebook.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.exponea.com https://in.hotjar.com https://bat.bing.com https://vc.hotjar.io https://api.infinario.com https://datainsights.loopia.se https://sc.lfeeder.com wss://*.hotjar.com https://www.google.com https://www.google.se https://www.google.be https://cdn.linkedin.oribi.io https://*.analytics.google.com https://adservice.google.com https://analytics.google.com https://content.hotjar.io;img-src 'self' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://ssl.google-analytics.com https://*.ytimg.com https://track.double.net https://tbs.tradedoubler.com https://sealserver.trustkeeper.net https://www.gstatic.com https://track.adform.net https://www.googletagmanager.com https://chat.puzzel.com https://www.google.com.cy https://www.google.no https://www.google.rs https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.es https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.se https://bat.bing.com https://www.google.fi https://www.google.gr data: https://*.ads.linkedin.com https://www.linkedin.com https://www.google.be https://fonts.gstatic.com https://tr.lfeeder.com;media-src https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com;frame-src https://*.facebook.com https://player.vimeo.com https://*.mynewsdesk.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.soundcloud.com https://www.youtube.com https://widget.trustpilot.com https://vars.hotjar.com https://active24.ladesk.com https://1-vbus-eu.ladesk.com https://datainsights.loopia.se;object-src 'self';style-src 'self' 'unsafe-inline' https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://chat.puzzel.com https://fonts.googleapis.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://chat.puzzel.com https://www.google.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.loopia.se https://*.loopia.no https://*.loopia.com https://*.loopia.rs https://www.youtube.com https://*.ytimg.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.se https://bat.bing.com https://connect.facebook.net https://api.exponea.com https://widget.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://active24.ladesk.com https://api.infinario.com https://g.microsoft.com https://snap.licdn.com https://sc.lfeeder.com https://www.gstatic.com 1 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net https://widgets.trustedshops.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.dpdconnect.nl service2.loyaltyinabox.com *.pinterest.com www.facebook.com www.youtube.com view.publitas.com www.google.com www.google.nl www.google.de maps.google.com chat.babypark.nl td.doubleclick.net widget.trustpilot.com *.cookiebot.com *.cookiebot.eu c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.klevu.com *.ksearchnet.com www.babypark.nl www.babypark.de m2.babypark.mavendev.com m2.babypark-de.mavendev.com www.ikenik.nl m2.ikenik.mavendev.com m2.babydump.mavendev.com m2.babydump-de.mavendev.com www.google.com www.google.nl www.google.de www.google.com.ua www.facebook.com ct.pinterest.com www.googletagmanager.com www.zenaps.com www.awin1.com static.zdassets.com bat.bing.com www.thuiswinkel.org i.ytimg.com img.youtube.com blob: lantern.roeye.com *.bing.com *.clarity.ms *.cookiebot.com *.cookiebot.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://*.dpdconnect.nl js.klevu.com *.ksearchnet.com *.avada.io www.googletagmanager.com checkout.buckaroo.nl *.clarity.ms lantern.roeyecdn.com widgets.trustedshops.com web-sdk.smartlook.com www.dwin1.com s.pinimg.com connect.facebook.net static.buckaroo.nl view.publitas.com api.360productviewer.com googleads.g.doubleclick.net bat.bing.com static.zdassets.com js-agent.newrelic.com *.livechatinc.com bam.eu01.nr-data.net chat.babypark.nl widget.trustpilot.com *.pinterest.com *.hotjar.com *.cookiebot.com *.cookiebot.eu assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com maps.googleapis.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.typekit.net checkout.buckaroo.nl unsafe-inline *.googleapis.com *.gstatic.com https://widgets.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.clarity.ms *.pinterest.com stats.g.doubleclick.net manager.eu.smartlook.cloud ekr.zdassets.com babyparkgmbh.zendesk.com wss://widget-mediator.zopim.com api.360productviewer.com www.facebook.com livechat.fabulor.eu bam.eu01.nr-data.net region1.analytics.google.com analytics.google.com bat.bing.com *.cookiebot.com *.cookiebot.eu www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.trustedshops.com *.etrusted.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src *.gstatic.com https://*.typekit.net *.opayo.eu.elavon.com *.stripe.com *.google.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://*.doubleclick.net https://*.braintreegateway.com https://*.paypal.com https://*.laybuy.com https://*.trustpilot.com *.google.com https://*.hotjar.com *.opayo.eu.elavon.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.paypal.com https://*.visualwebsiteoptimizer.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.stripe.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.googleapis.com *.google.com https://www.gstatic.com https://*.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.paypal.com https://*.trustpilot.com https://*.zdassets.com https://*.crazyegg.com https://*.prommt.com https://*.salesfire.co.uk https://smct.co https://*.smct.co https://*.convertize.io https://*.visualwebsiteoptimizer.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://*.hotjar.com https://secure.leadforensics.com *.opayo.eu.elavon.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.cloudfront.net https://*.klevu.com https://*.prommt.com *.google.com https://*.typekit.net *.opayo.eu.elavon.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.freshdesk.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com wss://*.zopim.com https://*.google.com https://*.salesfire.co.uk https://*.smartmetrics.co.uk https://*.zdassets.com https://*.zendesk.com https://*.appspot.com https://*.increasingly.co https://*.indicative.com https://*.adobedc.net https://*.nr-data.net *.paypal.com *.opayo.eu.elavon.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.cloudflare.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com tagmanager.google.com https://www.googletagmanager.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.googleapis.com *.google.com *.gstatic.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com http://viacep.com.br *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.google.com *.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org https://www.google-analytics.com maf.pagosonline.net devicefingerprinting.fraudvault.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.bootstrapcdn.com *.edrone.me *.googleapis.com *.google.com/recaptcha *.google-analytics.com https://cdnjs.cloudflare.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.payline.com *.gstatic.com *.google.com/recaptcha *.google.com *.google-analytics.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.payline.com *.criteo.com *.facebook.net *.gstatic.com *.edrone.me *.cloudfront.net *.googleapis.com *.trustedshops.com *.google.com/recaptcha *.hotjar.com *.google-analytics.com *.cookiebot.com *.addthis.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://img.youtube.com https://i.ytimg.com *.google-analytics.com *.googleadservices.com *.google.pl *.ssl.gstatic.com *.edrone.me *.cloudfront.net *.googleapis.com *.trustedshops.com *.google.com/recaptcha https://csr.onet.pl *.inistrack.net *.pixel.wp.pl https://pixel.wp.pl/api *.clarity.ms https://t.co *.bing.com *.yahoo.com *.criteo.com https://x.bidswitch.net https://ib.adnxs.com https://secure.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://match.sharethrough.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://eb2.3lift.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://sync.outbrain.com https://simage2.pubmatic.com https://ad.yieldlab.net https://dpm.demdex.net https://beacon.krxd.net https://a.twiago.com https://s.thebrighttag.com *.addthisedge.com *.twitter.com *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.ssl.google-analytics.com *.googleadservices.com *.criteo.com *.criteo.net *.savecart.pl *.trustedshops.com *.edrone.me *.cloudfront.net *.googleapis.com http://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js *.goadservices.com *.onet.pl *.tagmanager.google.com https://ocdn.eu *.cardinalcommerce.com *.hotjar.com https://live-chat.chatbotize.com/chatbotize-entrypoint.min.js *.pixel.wp.pl https://pixel.wp.pl/w/tr.js https://pixel.wp.pl *.inistrack.net https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1/fs-cc.js *.cookiebot.com *.bing.com *.twitter.com *.inis360.com *.cdngazeta.com *.cdngazeta.pl cdngazeta.pl *.googleoptimize.com *.clarity.ms https://artemis-cdn.ocdn.eu https://p.gsitrix.com https://o.gsitrix.com/sys.php https://bam.eu01.nr-data.net https://static.ads-twitter.com https://analytics.tiktok.com https://ec.monplat-cdn.com *.luigisbox.com https://cdnjs.cloudflare.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.edrone.me *.trustedshops.com *.google.com/recaptcha *.tagmanager.google.com *.google-analytics.com *.cookiebot.com *.savecart.pl https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src https://tolpapl.savecart.pl 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.edrone.me *.trustedshops.com *.google.com/recaptcha http://d3bo67muzbfgtl.cloudfront.net/externals *.cardinalcommerce.com *.onet.pl *.hotjar.com https://www.googleapis.com/pagespeedonline *.googleapis.com *.savecart.pl *.cookiebot.com *.clarity.ms https://p.gsitrix.com https://bam.eu01.nr-data.net https://clk.leadexpert.pl https://analytics.tiktok.com *.luigisbox.com ekr.zdassets.com/ *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.instagram.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.google.com/ *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com www.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.ampproject.org www.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.sitepen.com; base-uri 'self'; child-src *; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com region1.google-analytics.com; font-src 'self' fonts.gstatic.com use.typekit.net; form-action 'self'; frame-ancestors 'self'; frame-src *; img-src *; media-src *; object-src 'self'; report-to default; report-uri https://sitepen.report-uri.com/r/d/csp/reportOnly; script-src 'self' 'unsafe-inline' www.google-analytics.com player.vimeo.com; script-src-elem 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self' 1 font-src *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.xtento.com cdn.xtento.com *.trackedlink.net *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.shipperhq.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com assets.shipperhq.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.paypal.com *.opayo.eu.elavon.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com ovs.shipperhq.com rms.shipperhq.com wss://rms.shipperhq.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.flagman.kiev.ua www.googletagmanager.com www.google-analytics.com yandex.st mc.yandex.ru clck.yandex.ru api-maps.yandex.ru geocode-maps.yandex.ru *.multichannel.demo.owox.com *.retailrocket.ru *.retailrocket.net *.retailrocket.de *.retailrocket.nl *.retailrocket.es *.retailrocket.cl; default-src 'self' fonts.gstatic.com *.flagman.kiev.ua; frame-src *.flagman.kiev.ua vkontakte.ru yastatic.net www.facebook.com vk.com; img-src *.flagman.kiev.ua data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.multichannel.demo.owox.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.flagman.kiev.ua; connect-src 'self' mc.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193; object-src 'self' www.youtube.com fonts.gstatic.com *.flagman.kiev.ua; 1 font-src *.bounceexchange.com *.google-analytics.com *.gstatic.com likeshop.me *.global-e.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.bounceexchange.com *.facebook.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.authorize.net www.xtento.com *.shoprunner.com *.agilone.com *.facebook.com insight.adsrvr.org match.adsrvr.org *.signifyd.com *.online-metrix.net *.doubleclick.net *.cookiebot.com *.bounceexchange.com *.office365.com *.google.com *.google.lv *.bglobale.com *.global-e.com *.nosto.com *.nos.to https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca store.paradoxlabs.com www.xtento.com cdn.xtento.com *.shoprunner.com *.bounceexchange.com *.bouncex.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.facebook.com connect.facebook.net www.google.lv *.bing.com *.lafayette148ny.com *.signifyd.com *.online-metrix.net *.postcodeanywhere.co.uk *.doubleclick.net heapanalytics.com *.heapanalytics.com *.bizrate.com *.dashhudson.com likeshop.me *.atdmt.com *.cdnwidget.com *.bglobale.com *.global-e.com *.clarity.ms *.cloudfront.net *.nosto.com *.nos.to https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.affirm.com *.affirm.ca *.authorize.net sandbox-assets.secure.checkout.visa.com www.xtento.com cdn.xtento.com *.shoprunner.io *.shoprunner.com *.googletagmanager.com www.google.com www.google.lv www.gstatic.com *.agilone.com *.bing.com *.upsellit.com connect.facebook.net *.sociomantic.com js.adsrvr.org *.algolianet.com *.algolia.net *.signifyd.com *.pcapredict.com *.addressy.com *.bizrate.com *.googleapis.com *.heapanalytics.com *.zdassets.com tag.wknd.ai *.bounceexchange.com *.dashhudson.com *.luckyorange.com *.cookiebot.com *.securedvisit.com *.pingdom.net *.cloudfront.net *.newrelic.com *.nr-data.net klear.com *.mczbf.com *.bglobale.com *.global-e.com *.clarity.ms cdn.noibu.com *.nosto.com *.nos.to https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bounceexchange.com *.googleapis.com *.addressy.com *.bizrate.com *.bglobale.com *.global-e.com *.cloudfront.net *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.affirm.com *.affirm.ca *.authorize.net *.shoprunner.io *.shoprunner.com *.signifyd.com *.signifyd.com:* *.addressy.com *.bing.com *.bounceexchange.com *.bouncex.net *.zdassets.com *.zendesk.com *.zopim.com *.doubleclick.net *.google-analytics.com *.googleapis.com likeshop.me *.heapanalytics.com wss: *.luckyorange.net *.cookiebot.com *.cdnbasket.net *.cdnwidget.com *.pingdom.net *.nr-data.net *.facebook.com klear.com *.mczbf.com *.sjwoe.com *.clarity.ms input.noibu.com *.nosto.com *.nos.to https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src *.bounceexchange.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com https://secure-test.worldpay.com/shopper/3ds/ddc.html 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cdn.cookielaw.org *.trustpilot.com payments-test.worldpay.com payments.worldpay.com www.zenaps.com https://pay.google.com https://secure-test.worldpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com cdn.cookielaw.org optanon.blob.core.windows.net www.facebook.com bat.bing.com www.google.pl www.google.com/ *.clarity.ms c.bing.com services.postcodeanywhere.co.uk frontend-api.logicvapes.co.uk maps.googleapis.com nordicspirit.co.uk www.awin1.com tags.srv.stackadapt.com www.zenaps.com srv.stackadapt.com *.cloudflare.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com www.google.com *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com tags.affiliatefuture.com widget.trustpilot.com invitejs.trustpilot.com *.gstatic.com bat.bing.com cdn.jsdelivr.net *.pcapredict.com storage.googleapis.com tags.srv.stackadapt.com r1-t.trackedlink.net js-agent.newrelic.com bam-cell.nr-data.net *.trustpilot.com cdn.cookielaw.org bam.eu01.nr-data.net www.dwin1.com *.clarity.ms services.postcodeanywhere.co.uk logicvapes-uk-headless-frontend.api.test.jtiweb.co.uk www.zenaps.com the.sciencebehindecommerce.com payments.worldpay.com https://www.google.com/recaptcha/api.js *.cloudflare.com https://pay.google.com/gp/p/js/pay.js https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://payments.worldpay.com/resources/cse/js/worldpay-cse-1.0.2.min.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com fonts.gstatic.com fonts.googleapis.com tags.srv.stackadapt.com services.postcodeanywhere.co.uk payments.worldpay.com *.cloudflare.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com nordic-spirit-assets.s3.eu-west-2.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.com *.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com stats.g.doubleclick.net tags.srv.stackadapt.com *.trustpilot.com cdn.cookielaw.org bam.eu01.nr-data.net bat.bing.com *.clarity.ms privacyportal-eu.onetrust.com services.postcodeanywhere.co.uk maps.googleapis.com pagead2.googlesyndication.com/pagead/buyside_topics/set/ privacy.jti.com/request/v1/consentreceipts frontend-api.logicvapes.co.uk the.sciencebehindecommerce.com nominatim.openstreetmap.org prod.idscan.cloud poc.idscan.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.azureedge.net www.google.com analytics.google.com www.google.com.vn *.facebook.com *.useinsider.com api.mobio.vn *.gstatic.com cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-UL1nJa4edcBbxfhe6N9ZCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src https:; style-src 'unsafe-inline' https:; img-src https: 'self' data:; media-src https:; frame-src https:; font-src https: data:; connect-src https: wss:; report-uri /report-csp-violation 1 script-src 'report-sample' 'nonce-WWG25IGiRWy5' 'strict-dynamic' https: http: 'unsafe-eval'; base-uri 'self'; report-to endpoint-report; report-uri https://membre.carenity.com/csp/report/public; font-src https://www.carenity.com/ data: https://appleid.cdn-apple.com/ https://fonts.gstatic.com ; frame-src https://td.doubleclick.net https://m.youtube.com https://myaccount.google.com https://accounts.google.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.carenity.com/ https://drive.google.com/ https://www.google.com/recaptcha/; object-src https://www.youtube.com/ https://membre.carenity.com/static/docs/; style-src 'unsafe-inline' https://www.carenity.com/ https://www.amcharts.com/ https://ajax.googleapis.com/ https://accounts.google.com/gsi/style https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; form-action https://www.carenity.com/ https://membre.carenity.com/; 1 connect-src 'self' https://accounts.google.com https://cdn.cookielaw.org https://*.onetrust.com https://sentry.io https://api.mirego.com; default-src 'none'; font-src 'self' fonts.mirego.com fonts.gstatic.com *.typekit.net www.mirego.com; form-action 'self'; frame-src https://accounts.google.com https://js.stripe.com https://www.youtube.com; img-src 'self' blob: data: https://*.googleusercontent.com https://cdn.cookielaw.org https://images.mirego.com www.mirego.com; media-src 'self' www.mirego.com https://images.mirego.com; script-src 'sha256-nj1qx5Vbzv5vkNDHlbLRWhoDY7B0OxNCVe77G54VSXw=' 'self' 'unsafe-inline' https://accounts.google.com https://cdn.cookielaw.org https://js.stripe.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://www.googletagmanager.com https://www.youtube.com ; script-src-elem 'sha256-nj1qx5Vbzv5vkNDHlbLRWhoDY7B0OxNCVe77G54VSXw=' 'self' 'unsafe-inline' https://accounts.google.com https://cdn.cookielaw.org https://js.stripe.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://www.googletagmanager.com https://www.youtube.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com accounts.google.com www.mirego.com; 1 default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.workable.com/; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubcbe8d2ef0966e8645a91099cfac490bb&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=%40http.headers.cfray%3A86b3ee879ff1fa12 1 font-src cdn.jsdelivr.net fonts.gstatic.com *.fontawesome.com *.almapay.com *.cloudflare.com *.typekit.net *.trustpilot.com *.avis-verifies.com *.bing.com *.sc.omtrdc.net 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com admin.nootica.fr *.nootica.fr *.nootica.com *.nootica.es *.nootica.de *.nootica.it 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.demdex.net *.hub-side.com admin.nootica.fr *.nootica.fr *.nootica.com *.nootica.es *.nootica.de *.nootica.it *.sc.omtrdc.net 'self' data: *.addthis.com *.trustpilot.com sibautomation.com *.doubleclick.net *.weltpixel.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com blob: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io cdn.doofinder.com *.google.com maps.googleapis.com *.google.fr *.doubleclick.net *.googletagmanager.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.avis-verifies.com *.bing.com *.omtrdc.net *.demdex.net *.everesttech.net flagcdn.com *.nootica.fr *.nootica.com *.nootica.es *.nootica.de *.nootica.it *.gstatic.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.trustpilot.com *.avis-verifies.com *.usercentrics.eu *.bing.com *.iesnare.com *.hipay-tpp.com *.hipay.com *.sc.omtrdc.net 'self' data: *.addthis.com *.addthisedge.com *.moatads.com *.getdrip.com *.newrelic.com *.nr-data.net *.bugherd.com *.freshworks.com sibautomation.com https://cdnjs.cloudflare.com https://www.googletagmanager.com tagmanager.google.com https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.doofinder.com *.fontawesome.com *.cloudflare.com *.typekit.net *.trustpilot.com *.avis-verifies.com *.usercentrics.eu *.bing.com *.sc.omtrdc.net 'self' data: https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.getalma.eu *.doofinder.com wss://*.doofinder.com *.google-analytics.com *.googlesyndication.com *.analytics.google.com *.doubleclick.net *.googleapis.com *.cloudflare.com *.paypal.com *.bing.com *.demdex.net *.sc.omtrdc.net *.hipay-tpp.com *.hipay.com 'self' data: ws: *.addthis.com *.nr-data.net *.brevo.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.glia.com https://bcdn.integration.projectcorvette.us https://cdn.amplitude.com https://cdn.polyfill.io https://cdn.tiny.cloud https://js.stripe.com https://js.verygoodvault.com https://libs.salemove.com https://nexus.ensighten.com https://rec.smartlook.com https://siteintercept.qualtrics.com https://static.zdassets.com https://staticw2.yotpo.com https://www.google-analytics.com https://www.googletagmanager.com https://zn3ibrpkldazquxaq-consumerinfo.siteintercept.qualtrics.com https://cdn.plaid.com https://bat.bing.com https://www.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://fonts.googleapis.com https://hello.myfonts.net https://libs.salemove.com https://www.google.co.uk https://www.tiny.cloud https://staticw2.yotpo.com https://www.gstatic.com https://cdn.honey.io; img-src 'self' blob: data: https://cdn.gabi.com https://nexus.ensighten.com https://sp.tinymce.com https://www.gabi.com https://www.google-analytics.com https://www.google.com https://i.insider.com https://www.nextinsure.com https://www.googletagmanager.com https://tags.w55c.net https://p.yotpo.com https://googleads.g.doubleclick.net https://translate.google.com https://api.yotpo.com https://siteintercept.qualtrics.com https://fonts.gstatic.com https://www.google.com.mx https://www.google.com.pr https://www.google.com.ph https://www.google.ca https://www.google.co.in https://www.gstatic.com https://pixel.pointmediatracker.com https://sp.analytics.yahoo.com https://libs.salemove.com; connect-src 'self' https://api.amplitude.com https://api.glia.com https://api.salemove.com https://api.yotpo.com https://assets-proxy.smartlook.cloud https://bcwup.integration.projectcorvette.us https://client-logger.salemove.com https://ekr.zdassets.com https://gabihelp.zendesk.com https://gabihelp1605922745.zendesk.com https://globalsiteanalytics.com https://log-einsti3test.us.v2.customers.biocatch.com https://manager.eu.smartlook.cloud https://region1.analytics.google.com https://region1.google-analytics.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://web-writer.eu.smartlook.cloud https://www.google-analytics.com https://www.google.co.uk https://www.google.co.in https://www.google.com.pr https://www.google.com.ph wss://pubsub.salemove.com https://web-writer.us.smartlook.cloud https://smarty.staging.gabi.com https://smarty.insurance.experian.com https://www.routingnumbers.info https://pubsub.salemove.com https://us-autocomplete-pro.api.smartystreets.com https://us-autocomplete-pro.api.smarty.com https://www.google.ca https://www.google.com https://kluster.salemove.com wss://kluster.salemove.com https://staticw2.yotpo.com https://bat.bing.com https://www.google.com.mx; font-src 'self' data: https://fonts.gstatic.com https://hello.myfonts.net https://www.tiny.cloud https://staticw2.yotpo.com https://static.zip.co; frame-src 'self' https://js.stripe.com https://6375438.fls.doubleclick.net https://js.verygoodvault.com https://cdn.plaid.com https://www.facebook.com https://10178839.fls.doubleclick.net; media-src 'self' https://libs.salemove.com; worker-src 'self' blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub6266f5d846cb5713666132c0f0ffe817&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pnapi.invoca.net bat.bing.com cdnjs.cloudflare.com *.googleapis.com *.doubleclick.net jscloud.net eum.instana.io *.facebook.net netdna.bootstrapcdn.com solutions.invocacdn.com *.gstatic.com www.google.com analytics.google.com maxcdn.bootstrapcdn.com www.captcha.eu widgets.rr.skeepers.io www.googletagmanager.com adservice.google.com widget.trustpilot.com eum-red-saas.instana.io www.google-analytics.com pro.fontawesome.com *.facebook.com stackpath.bootstrapcdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-8zt4us-OD04T4lG2blfKgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0r9gaaKSrU0gGQ4baiJ93g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.hotjar.com bm-rx.atatus.com *.googleapis.com *.livechatinc.com *.gstatic.com launch.aleaplay.com *.cloudfront.net www.google-analytics.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.google-analytics.com *.google.com *.gstatic.com *.googleadservices.com *.googleapis.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; form-action 'self'; default-src 'self'; connect-src 'self' data: https://nederhost.matomo.cloud/ https://zammad.nederhost.nl/ wss://zammad.nederhost.nl/; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; report-to csp-endpoint; report-uri /_/report_csp_violation; script-src 'self' 'nonce-pEzVvwlRBqotrrqV' 'unsafe-eval' https://nederhost.matomo.cloud/ https://cdn.matomo.cloud/nederhost.matomo.cloud/ https://zammad.nederhost.nl/; style-src 'self' data: 'nonce-pEzVvwlRBqotrrqV' https://zammad.nederhost.nl/; style-src-attr 'unsafe-inline'; 1 font-src *.preppergunshop.com *.twitter.com *.googleapis.com *.paypalobjects.com *.paypal.com *.gstatic.com *.zopim.com 'self' data: *.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.preppergunshop.com *.twitter.com *.paypalobjects.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com *.preppergunshop.com *.twitter.com *.paypalobjects.com *.paypal.com *.addthis.com *.google.com www.youtube.com *.trustedsite.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.preppergunshop.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.twitter.com *.resellerratings.com *.zopim.com *.mailchimp.com *.amazonaws.com *.ywxi.net *.googletagmanager.com prepperstorage.blob.core.windows.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.polyfill.io maps.googleapis.com *.preppergunshop.com *.twitter.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.paypalobjects.com *.paypal.com https://polyfill.io *.mailchimp.com *.list-manage.com *.zopim.com *.addthis.com *.zdassets.com *.moatads.com *.addthisedge.com *.gstatic.com *.resellerratings.com *.pinterest.com *.aftership.com *.ywxi.net *.trustedsite.com chimpstatic.com *.newrelic.com *.nr-data.net *.avada.io downloads.mailchimp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.preppergunshop.com *.googleapis.com *.twitter.com *.resellerratings.com *.mailchimp.com *.typekit.net *.fontawesome.com downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.preppergunshop.com *.paypalobjects.com *.paypal.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.preppergunshop.com *.twitter.com *.paypal.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.addthis.com *.resellerratings.com *.google-analytics.com google-analytics.com *.googleapis.com stats.g.doubleclick.net *.amazonaws.com *.nr-data.net preppergunshop.zendesk.com region1.analytics.google.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.authorize.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-REK6XzW0xOpvpYn4KqKrmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 style-src-elem 'self' 'unsafe-inline' data: *.klarnacdn.net *.adbr.io maxcdn.bootstrapcdn.com *.googleapis.com *.fontawesome.com; font-src data: pushpad.xyz *.adbr.io *.gstatic.com *.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self' my.adabra.com next.adabra.com *.adbr.io; frame-src 'self' *.klarna.com ad4m.at *.ad4m.at ck.solocpm.com my.adabra.com next.adabra.com *.adbr.io *.addthis.com *.cookiebot.com ck.tangooserver.com pixel-rmk.blueknow.com *.paypal.com *.paypalobjects.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src data: 'self' data: https: widgets.magentocommerce.com *.adbr.io track.adform.net c1.adform.net ad4m.at *.ad4m.at *.adserver01.de *.casalemedia.com *.blueknow.com secure.adnxs.com ads.creative-serving.com adservice.google.com bat.bing.com rtgcloudsql.solocpm.com 'self' 'unsafe-inline'; script-src pushpad.xyz *.adbr.io *.cloudfront.net *.newrelic.com ad4m.at *.ad4m.at *.mainadv.com *.mndtrk.com track.adabra.com *.addthis.com *.addthisedge.com *.moatads.com clk.solocpm.com *.cookiebot.com secure-gateway.hipay-tpp.com libs.hipay.com mpsnare.iesnare.com bam.eu01.nr-data.net bat.bing.com *.tradetracker.net *.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.paypal.com *.paypalobjects.com *.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: *.klarnacdn.net *.adbr.io *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src commerce.adobedc.net *.datatrics.com *.klarnaevt.com *.adbr.io *.addthis.com *.cookiebot.com bat.bing.com bam.eu01.nr-data.net ad4m.at *.ad4m.at pushpad.xyz *.paypal.com *.google.com *.google.it *.google-analytics.com 'self' 'unsafe-inline'; child-src ad4m.at *.ad4m.at track.adabra.com *.adabra.com *.adbr.io *.addthis.com *.cookiebot.com *.paypal.com *.paypalobjects.com 'self' 'unsafe-inline'; default-src data: *.saninforma.it saninforma.netribegroup.com *.webformatlabs.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Oto6Eep8Z78DWUbxhOR5eg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; block-all-mixed-content; default-src 'self' goconfluent.com; form-action 'self'; script-src 'self' ajax.cloudflare.com static.cloudflareinsights.com; connect-src cloudflareinsights.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-PbuoYzCKyXuuuRbfLh2Z5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aLmGaDWrKv4qH6p-RnTYVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-K5noC5fF2k1GCB7DKhDgHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Ni8oicNZfuMQHiiElus6jw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:;script-src https: 'strict-dynamic' 'nonce-3116389071988ebd5c1ed1cffebe52e8f3da04114b2ed2afc11e83169d6e1ca6' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors 'none';base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-369b3d2ac933471cae7bb50a4d8d9f9b' https://myreidhealth.org 'self';img-src https://* 'self' blob: data:;style-src https://myreidhealth.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 default-src 'self' https://*.amf.se;connect-src 'self' https://*.amf.se https://amf.piwik.pro https://*.ace.teliacompany.com https://*.ace.teliacompany.net;form-action 'self' https://*.amf.se https://*.minpension.se;frame-src 'self' https://*.amf.se https://amf.fondlista.se https://dreambroker.com https://*.infogram.com https://infogram.com https://*.jobylon.com https://*.ace.teliacompany.com https://*.ace.teliacompany.net https://*.youtube-nocookie.com;img-src 'self' data: https://*.amf.se https://amf.piwik.pro https://*.ace.teliacompany.com https://*.ace.teliacompany.net https://*.ytimg.com;media-src 'self' https://*.amf.se https://*.ace.teliacompany.com https://*.ace.teliacompany.net;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://amf.piwik.pro https://*.infogram.com https://infogram.com https://*.ace.teliacompany.com https://*.ace.teliacompany.net https://*.youtube.com;style-src 'self' data: 'unsafe-inline' https://*.ace.teliacompany.com https://*.ace.teliacompany.net;report-uri /_csp_uri;report-to csp 1 object-src 'none';base-uri 'self';script-src 'nonce-8WaqS71m5iAXVqRxJLgeRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.zopim.com *.zendesk.com ekr.zdassets.com *.gstatic.com www.googletagmanager.com static.zdassets.com fast.wistia.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' https://api.twilio.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ipinfo.io https://maps.googleapis.com https://googleapis.com https://js.stripe.com https://sdk.twilio.com https://media.twiliocdn.com https://binaries.webex.com https://zoom.us https://*.zoom.us; style-src 'self' 'unsafe-inline'; frame-src 'self' https://js.stripe.com; img-src 'self' blob: data: https://maps.googleapis.com https://googleapis.com https://maps.gstatic.com; connect-src 'self' *.boostlingo.com https://us-prod.service.signalr.net wss://us-prod.service.signalr.net https://maps.googleapis.com https://googleapis.com https://*.cloud.zoom.us https://*.zoom.us https://*.dv.zoom.us https://*.vn.zoom.us https://*.sc.zoom.us https://*.hy.zoom.us https://*.hk.zoom.us https://*.fr.zoom.us https://*.tr.zoom.us https://*.ny.zoom.us https://*.sy.zoom.us https://*.ty.zoom.us https://*.am.zoom.us *.twilio.com wss://*.twilio.com wss://*.vss.twilio.com wss://*.gll.twilio.com wss://*.au1.twilio.com wss://*.br1.twilio.com wss://*.de1.twilio.com wss://*.ie1.twilio.com wss://*.in1.twilio.com wss://*.jp1.twilio.com wss://*.sg1.twilio.com wss://*.us1.twilio.com wss://*.us2.twilio.com wss://*.au.interpretmanager.com wss://*.eu.interpretmanager.com wss://*.uk.interpretmanager.com wss://*.ca.interpretmanager.com wss://*.tr.zoom.us wss://*.fr.zoom.us wss://*.cloud.zoom.us wss://*.am.zoom.us wss://*.dv.zoom.us wss://*.storage.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://assets.quadpay.com https://*.zoom.us; media-src 'self' https://api.twilio.com https://com-twilio-us1-media-compositions.s3.amazonaws.com https://*.zoom.us; worker-src 'self' blob:; style-src-elem 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://*.zoom.us; report-uri https://app.boostlingo.com/api/web/csp-report/report; report-to default; 1 object-src 'none';base-uri 'self';script-src 'nonce-uDY8laqg7JSqT_XacNh2Lg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aKesgFEpV1AlFmwfEnQB3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.hotjar.com *.klevu.com *.typekit.net *.xsellco.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.finance-calculator.co.uk *.fontawesome.com *.gstatic.com *.yotpo.com *.googleapis.com www.fiercepc.co.uk data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.hotjar.com *.facebook.com *.yotpo.com www.fiercepc.co.uk 'self' 'unsafe-inline'; frame-ancestors www.fiercepc.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ *.hotjar.com *.youtube.com *.addthis.com *.xsellco.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com platform.twitter.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.trustpilot.com *.yotpo.com www.fiercepc.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.klevu.com *.doubleclick.net *.google.com *.google.co.uk *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.cloudfront.net *.xsellco.com https://images.unsplash.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk pinterest.com assets.pinterest.com syndication.twitter.com *.finance-calculator.co.uk *.dekopay.com 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.googleadservices.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com www.fiercepc.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.gstatic.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.klevu.com *.trustpilot.com *.moatads.com *.addthisedge.com *.crazyegg.com *.noibu.com *.facebook.com *.pcapredict.com *.xsellco.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net graph.facebook.com business.facebook.com twitter.com platform.twitter.com *.finance-calculator.co.uk *.dekopay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.googleadservices.com *.google-analytics.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com www.fiercepc.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.klevu.com *.typekit.net *.googleapis.com *.xsellco.com *.unpkg.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com https://static.klaviyo.com *.fontawesome.com unsafe-inline *.trustpilot.com *.yotpo.com www.fiercepc.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.xsellco.com www.fiercepc.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.google.com *.google.co.uk *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.crazyegg.com *.zendesk.com *.noibu.com wss://input.noibu.com *.xsellco.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.finance-calculator.co.uk *.dekopay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com www.fiercepc.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com www.fiercepc.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.fiercepc.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-NoCFeRE-KkUtKEmY984qUQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.gstatic.com *.bootstrapcdn.com 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://live.streamdays.com lightwidget.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com cdn.doofinder.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com *.shore.co.uk https://s.ytimg.com *.google.com *.google.co.uk *.googletagmanager.com *.jsdelivr.net *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.doofinder.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.gstatic.com *.googleapis.com *.jsdelivr.net https://live.streamdays.com https://cdn.lightwidget.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.jsdelivr.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com fonts.googleapis.com *.fontawesome.com data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com *.cookiebot.com *.trustpilot.com *.hotjar.com www.youtube.com www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bluebirdday.io *.misterb.com *.misterjock.com *.google.com *.google.nl www.google.nl www.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com *.fontawesome.com *.cookiebot.com *.trustpilot.com *.doubleclick.net *.hotjar.com *.nr-data.net *.newrelic.com connect.facebook.net www.facebook.com secure.authorize.net test.authorize.net *.vimeo.com *.sharethis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com v2.zopim.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com *.cookiebot.com *.hotjar.com *.nr-data.net *.klaviyo.com *.newrelic.com *.doubleclick.net *.googleapis.com/ stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-wfk2VomrXUjPRD5Xa1cwhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.sagepay.com *.bglobale.com *.global-e.com *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' data: static.paddockspares.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sagepay.com *.bglobale.com *.global-e.com *.mondu.ai/ *.mondu.local localhost:*/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com lpcdn.lpsnmedia.net *.paypalobjects.com secure.livechatinc.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.com *.google.co.uk media.paddockspares.com static.paddockspares.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.mondu.ai/widget.js *.mondu.local/widget.js localhost:*/dist/widget.js js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.lpsnmedia.net *.newrelic.com *.livechatinc.com bam.nr-data.net static.paddockspares.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com fonts.google.com *.cloudflare.com *.bootstrapcdn.com fonts.googleapis.com static.paddockspares.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.paypal.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net bam.nr-data.net *.livechatinc.com static.paddockspares.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://zero1.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self'; img-src 'self'; script-src 'unsafe-eval' 'unsafe-inline'; report-uri https://njunktr7.uriports.com/reports/report; report-to default 1 font-src *.fontawesome.com *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com static.addtoany.com vimeo.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.feedoptimise.com cdn.feedoptimise.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.cookielaw.org www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.feedoptimise.com cdn.feedoptimise.com s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js-agent.newrelic.com static.zdassets.com api.eu-1.smooch.io cdn.cookielaw.org static.addtoany.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.addtoany.com unsafe-inline cloud.typography.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com thm.visa.com ekr.zdassets.com/ http://dpm.demdex.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com avocahelp.zendesk.com cdn.cookielaw.org api.eu-1.smooch.io bam.nr-data.net geolocation.onetrust.com widget-mediator.zopim.com privacyportaluat.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-QCAo74bbK4AaTtTA1XHeGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-upWeGTsOZlCmTvUCUDLX3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-K_U5Xca4-etygnQ6s3ISYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-BcpNu99mbkQ9bLmV1ofE0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com ;img-src 'self'; script-src 'self' 'nonce-cjJjVFhickZVJE5BYkE0V0YyQUU5U1lSZVY0QVVhYzc=' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ;base-uri 'self'; object-src 'self'; report-uri https://www.dynabyte.ch/xtend/aspx/cspreport.aspx 1 default-src 'self'; script-src 'self' *.segment.com *.tiktok.com *.googleapis.com *.google.com *.googletagmanager.com *.youtube.com *.gstatic.com *.segment.io vercel.live *.hotjar.com *.google-analytics.com *.adroll.com *.bing.com *.facebook.net googleads.g.doubleclick.net widget.trustpilot.com www.googleadservices.com https://unpkg.com/pdfjs-dist@2.12.313/legacy/build/pdf.worker.min.js join.com *.join.com 'nonce-Y2FlM2I1MjAtNzYxYy00ZGY0LWI2YjgtNTA3MTRlOTE4M2Zh' 'sha256-uX+XoKJ05/+HuYuDFIJWtfn5cpqNRoOz2kXq7ObarMs=' 'sha256-4LlEhJn74jj+GqYX/Oi7MTy3C+KHEtfnbEWfeqgMgZg=' 'sha256-/Z6+Dk2ZTVo1CBDYPQcWgzgsjU6hM6J0WRF4PdAOT84=' 'sha256-mnvsF5SZMx1z2VfaUJ/O5Rqs+i01Wv7mPwqYFHSj6K4='; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.join.com; connect-src 'self' https://pflegia-backend-prod.herokuapp.com/graphql wss://pflegia-backend-prod.herokuapp.com/graphql *.vercel-insights.com *.segment.com *.googleapis.com *.segment.io *.tiktok.com *.lottiefiles.com *.microsoftonline.com *.s3.eu-west-1.amazonaws.com *.sentry.io analytics.google.com *.analytics.google.com stats.g.doubleclick.net bat.bing.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googlesyndication.com ws.hotjar.com wss://ws.hotjar.com analytics.pangle-ads.com adservice.google.com vercel.live join.com cdn.join.com facebook.com *.facebook.com google.com *.google.com googleads.g.doubleclick.net eu.i.posthog.com; font-src 'self' data: *.gstatic.com cdn.join.com; img-src 'self' blob: data: cdn.jsdelivr.net chaos-prod.s3.eu-west-1.amazonaws.com static.ghost.org pflegia.ghost.io www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.in www.google.co.uk www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.in www.google.it www.google.lu www.google.ma www.google.nl www.google.pl www.google.ro www.google.ru www.google.si www.google.sk www.google.tn www.google.tr *.s3.eu-west-1.amazonaws.com maps.googleapis.com *.github.io *.slack-edge.com *.gravatar.com *.wp.com *.gstatic.com bat.bing.com www.facebook.com d.adroll.com www.google-analytics.com www.googletagmanager.com dsum-sec.casalemedia.com x.bidswitch.net pixel.rubiconproject.com us-u.openx.net sync.outbrain.com image2.pubmatic.com ups.analytics.yahoo.com sync.taboola.com eb2.3lift.com ib.adnxs.com i.ytimg.com googleads.g.doubleclick.net react-admin-telemetry.marmelab.com cm.g.doubleclick.net idsync.rlcdn.com pippio.com tags.rd.linksynergy.com segments.company-target.com cdn.join.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' www.facebook.com; frame-src 'self' *.youtube.com *.google.com *.microsoftonline.com td.doubleclick.net www.facebook.com view.officeapps.live.com widget.trustpilot.com 1 default-src 'self' ccbuchner.de www.ccbuchner.de https://secure.ogone.com https://ogone.test.v-psp.com captcha.wirth-horn.de cookiemanager.wirth-horn.de whstatistics-api.wirth-horn.de https://www.click-and-teach.de https://www.click-and-study.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com *.g.doubleclick.net https://*.googleapis.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://*.googleusercontent.com https://www.instagram.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1 font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'self' apps.elfsight.com https://cdn.datatables.net https://cdn.jsdelivr.net https://maps.googleapis.com https://platform.twitter.com https://www.google.com kit.fontawesome.com static.zdassets.com; script-src-attr 'self'; style-src 'self' https://cdn.datatables.net 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' *.sportsdigita.com 1 default-src 'self' 'unsafe-eval' https://intelligence.airbus.com https://cdn.cookielaw.org https://*.onetrust.com https://*.fontawesome.com https://storage.googleapis.com https://intelligence-airbusds.piwik.pro https://intelligence-airbusds.containers.piwik.pro https://www.google-analytics.com https://api.hubspot.com https://forms.hscollectedforms.net https://forms.hubspot.com *.hubspot.com *.hsforms.com px.ads.linkedin.com https://td.doubleclick.net www.youtube.com youtube.com *.youtube-nocookie.com https://pagead2.googlesyndication.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com www.google.com google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com www.googleadservices.com *.g.doubleclick.net adservice.google.com *.google.com google.fr *.google.fr; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.cookielaw.org https://www.googletagmanager.com px.ads.linkedin.com https://track.hubspot.com https://forms.hsforms.com *.hsforms.com *.hsforms.net px4.ads.linkedin.com https://storage.googleapis.com https://forms-na1.hsforms.com js.hscta.net no-cache.hubspot.com *.hubspot.com https://www.google.fr https://www.google.com https://*.hotjar.com https://i.ytimg.com https://tile.openstreetmap.org openstreetmap.org https://*.amazonaws.com www.linkedin.com linkedin.com fonts.gstatic.com www.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookielaw.org https://intelligence-airbusds.containers.piwik.pro https://js.hsforms.net https://js.hs-scripts.com https://*.onetrust.com/ https://*.fontawesome.com https://www.google-analytics.com https://snap.licdn.com https://js.hs-analytics.net https://js.usemessages.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsleadflows.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com js.hscta.net *.hubspot.com *.hsforms.net *.hsforms.com https://www.googletagmanager.com https://www.youtube.com https://pagead2.googlesyndication.com https://www.google.com https://www.gstatic.com https://*.doubleclick.net https://www.linkedin.com https://*.hotjar.com www.googleadservices.com; font-src 'self' 'unsafe-eval' data: https://*.fontawesome.com https://*.hotjar.com fonts.googleapis.com github.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fontawesome.com fonts.googleapis.com www.google-analytics.com google-analytics.com; 1 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: www.googletagmanager.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' blob: https://www.googletagmanager.com 'sha256-KswlGchel47n7WTeUxBzRtxr7gctpeiJjNnPkN3IEAU=' 'sha256-kOCO9LYFL9BkGKPGI5Y833BJH1SVuyZfTY5U4TOJi4A=' 'nonce-++lK4TGXijtEU+KLZjJbwA=='; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: *; media-src https: blob: data:; child-src blob:; report-uri /csp-report/index 1 default-src 'self'; script-src 'self' https: filesystem: https://*.googletagmanager.com https://unpkg.com https://static.addtoany.com 'sha256-gFcdOHegy0YKPS19uWoGjqElLi63Yof987gOXWZ8zLo=' 'sha256-6OvoMuEehl5lMoLt1M423sjF8jkUJVVmnYiI/GkDEsA=' 'sha256-yElBEKucE35qwHf8qWcAvqD25zOJ7TqTptcHyzGhOxw=' 'sha256-n+tHfMxuRGvnG0BQrRbz9yKiayUtNJ1c0tDdceZlE2Y=' 'sha256-5vPIU5OJBuEuneT8BrS3QFFal4pPLRovoGBfDoIos3U=' 'sha256-8vcv/HA/ZUKSmu6Em8ckWEMQGT43DEfRFWxN+2LFBpA=' 'sha256-iBm7Y5wnqtZkLHD5mqIAIKXxEswOdMeSLFWO1lM+Xcw=' 'sha256-M1WfpjZDDmpD3ULz+6R0TEjEFA9RNObU5+wVXCW27mQ=' 'sha256-yUXrkvbo8KKgAjKQsgseJ6Fchh4UlWKfAZn/rSjxB4k=' 'sha256-Gk0CLQ8tARQRz15yPFsP8Ut2x2hsFxU5uejr8AYuSFs=' 'sha256-UdSO5qm7FySihyfS7eXuZQDsTJNZtI/Wum51uvuzP0A=' 'sha256-/sv7hNQR0RpoTLX45JQoO05bVYXbdfPEIt24KFJhoPM=' 'nonce-f3a7f25185'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data: filesystem:; font-src 'self' data:; frame-ancestors 'self' filesystem: *.jacksonphysiciansearch.com; frame-src 'self' filesystem: *.jacksonphysiciansearch.com player.vimeo.com 1 default-src 'unsafe-eval' 'unsafe-inline' blob: data: https: ws: wss:; img-src 'unsafe-inline' blob: data: *; report-uri https://csp.test.orlo.tech/report; 1 upgrade-insecure-requests; report-uri https://bbcsp.report-uri.com/r/d/csp/reportOnly 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.google.com *.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.vtdns.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://img.youtube.com store.paradoxlabs.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com www.facebook.com connect.facebook.net business.facebook.com *.avada.io *.authorize.net *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.vtdns.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.authorize.net *.google-analytics.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-h64bNGa9-3sokN_KjFTmTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-pUN8XlN9_9rzOCOOOkumMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://www.gstatic.com data: https://fonts.gstatic.com fonts.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://player.vimeo.com https://www.youtube-nocookie.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://player.vimeo.com https://www.youtube.com https://unpkg.com https://*.cloudfront.net landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com assets.shipperhq.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://uploader.orbus.com wss://uploader.orbus.com https://unpkg.com https://s3.amazonaws.com https://settings.luckyorange.net landofcoder.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com ovs.shipperhq.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: nexus.ensighten.com images.tradeservice.com *.licdn.com survalyzer.survalyzer.swiss *.adsrvr.org www.google-analytics.com *.msecnd.net *.mktoresp.com c.az.contentsquare.net *.azureedge.net cdn.jsdelivr.net analytics.formstack.com p.brsrvr.com www.google.com runtimeapi.survalyzer-swiss.app k-us1.az.contentsquare.net *.googleapis.com dc.services.visualstudio.com *.linkedin.com files.survalyzer.swiss media.distributordatasolutions.com *.gstatic.com *.facebook.net t.contentsquare.net *.doubleclick.net munchkin.marketo.net ideadigitalasset.com *.marketo.com cdns.brsrvr.com *.windows.net *.facebook.com www.ideadigitalcontent.com *.cloudfront.net www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-esiBQVHAqXWVQq5kikw3HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.zendesk.com *.zdassets.com *.zopim.com connect.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com www.facebook.com checkout.tabby.ai testourcode.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.zdassets.com *.samma3a.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io maps.googleapis.com *.googletagmanager.com *.facebook.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.doubleclick.net *.youtube.com *.artfut.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com connect.facebook.net www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.samma3a.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.google-analytics.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com analytics.tiktok.com *.doubleclick.net *.artfut.com *.youtube.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-O2wTjQJvKemznO4WuDXJ1g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.afremov.com *.ladesk.com *.twitter.com *.ads-twitter.com t.co *.gstatic.com data: *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.afremov.com *.ladesk.com *.twitter.com *.ads-twitter.com t.co *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.paypalobjects.com *.afremov.com *.ladesk.com *.twitter.com *.ads-twitter.com t.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://secure.2checkout.com https://2pay-js.2checkout.com https://secure.avangate.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.google.com.ua *.afremov.com *.ladesk.com *.twitter.com *.ads-twitter.com t.co www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.2checkout.com https://2pay-js.2checkout.com https://secure.avangate.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.afremov.com *.ladesk.com *.twitter.com *.ads-twitter.com t.co *.paypal.com *.sandbox.paypal.com *.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://secure.2checkout.com https://2pay-js.2checkout.com https://secure.avangate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net *.afremov.com *.ladesk.com *.twitter.com *.ads-twitter.com t.co *.paypal.com *.sandbox.paypal.com *.paypalobjects.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: comunicaciones.globalbank.com.pa gb-pd.widget.konecta.global adservice.google.com wss://api.app.konecta.global cdnjs.cloudflare.com www.google.com *.gstatic.com api.app.konecta.global *.doubleclick.net www.googletagmanager.com analytics.google.com www.google.com.pa *.googleapis.com *.facebook.net www.youtube.com konecta-widget.net *.facebook.com konecta-widget.netlify.app www.google-analytics.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-Nsoef8gTECGj8Sm6weO3BA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 style-src 'self' static.omegazero.org 'report-sample'; report-uri https://api.omegazero.org/v2/meta/report?t=sec_t 1 font-src *.squarecdn.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com dc89tf1ynkwmh.cloudfront.net use.typekit.net data: font.static.useinsider.com *.typekit.net *.cloudfront.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.iequalchange.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.instagram.com *.trustpilot.com *.braintreegateway.com *.kaptcha.com e.issuu.com nationaltiles.api.useinsider.com nationaltiles-ardemo-eau.azurewebsites.net *.prontoavenue.biz *.hotjar.com data: *.useinsider.com www.youtube-nocookie.com *.iequalchange.com http://www.sandbox.paypal.com *.twitter.com *.dpm.demdex.net *.openpay.com.au *.afterpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.cdninstagram.com www.nationaltiles.com.au hnd.stats.paypal.com v2assets.zopim.io scontent-syd2-1.cdninstagram.com static.openpay.com.au log.api.useinsider.com site-assets.afterpay.com nationaltiles-ardemo-eau.azurewebsites.net *.google.com.au *.google.com.vn *.google.com.ph image.useinsider.com *.google.com *.facebook.com *.useinsider.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.instagram.com unpkg.com widget.trustpilot.com cdn.scarabresearch.com static.zipmoney.com.au widgets.staging.openpay.com.au recommender.scarabresearch.com webchannel-content.eservice.emarsys.net payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com nt.api.useinsider.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com nationaltiles.api.useinsider.com hit.api.useinsider.com js-agent.newrelic.com bam-cell.nr-data.net iec.3dcstaging.com.au secure.ewaypayments.com connect.facebook.net *.hotjar.com eitri.api.useinsider.com *.openpay.com.au *.google.com *.google.com.au *.google.com.vn *.google.com.ph data: *.useinsider.com *.iequalchange.com apps.jobadder.com static.zdassets.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.braintree-api.com *.afterpay.com *.amplitude.com *.dpm.demdex.net *.cardinalcommerce.com *.ccdc02.com *.doubleclick.net *.braintreegateway.com *.unpkg.com *.trustpilot.com *.zipmoney.com.au *.emarsys.net cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com unsafe-inline assets.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com assets.api.useinsider.com *.useinsider.com *.cloudflare.com *.braintree-api.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com 'self' 'unsafe-inline'; object-src nationaltiles-ardemo-eau.azurewebsites.net 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zdassets.com nationaltiles-ardemo-eau.azurewebsites.net data: *.useinsider.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com *.googleapis.com unpkg.com widget.trustpilot.com cdn.scarabresearch.com static.zipmoney.com.au widgets.staging.openpay.com.au recommender.scarabresearch.com webchannel-content.eservice.emarsys.net payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com nt.api.useinsider.com *.scarabresearch.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com nationaltiles.api.useinsider.com hit.api.useinsider.com js-agent.newrelic.com bam-cell.nr-data.net iec.3dcstaging.com.au secure.ewaypayments.com socialproof.api.useinsider.com nationaltiles-ardemo-eau.azurewebsites.net api.zipmoney.com.au *.zip.co location.api.useinsider.com carrier.useinsider.com segment.api.useinsider.com stats.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io abacus.api.useinsider.com data: *.useinsider.com *.cloudflare.com *.twitter.com *.twimg.com *.zopim.io *.google-analytics.com https://stats.g.doubleclick.net *.openpay.com.au *.amplitude.com *.dpm.demdex.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-OTK3mt4X3yTL3euhZ-EYWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://interparking.report-uri.com/r/d/csp/wizard 1 font-src 'self' https://fonts.gstatic.com data: *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action 'self' 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ 'self' https://www.kiyoh.com https://vars.hotjar.com https://www.googletagmanager.com/ js.mollie.com *.sendcloud.sc 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com 'self' https://www.google.nl https://bat.bing.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cdninstagram.com *.fbcdn.net https://www.mollie.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com 'self' 'unsafe-inline' 'unsafe-eval' *.google.com https://www.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://ecookie.nl https://*.ecookie.nl https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://chimpstatic.com https://static.hotjar.com https://bat.bing.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.mollie.com *.sendcloud.sc *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com 'self' 'unsafe-inline' https://fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com 'self' https://*.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-FYoHi5I7BN4BIeDbQA12cw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: pixel-geo.prfct.co ekr.zdassets.com cdnjs.cloudflare.com *.doubleclick.net *.facebook.com www.google.com.au analytics.google.com www.pages0b.net *.gstatic.com *.hotjar.com v2assets.zopim.io www.tower.co.nz shielded.co.nz *.zendesk.com vc.hotjar.io www.sc.pages0b.net www.google.co.nz ampcid.google.com www.google.com www.googletagmanager.com content.hotjar.io my-api.tower.co.nz *.zopim.com ampcid.google.co.nz secure.adnxs.com adservice.google.com b2262927.smushcdn.com *.googlesyndication.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com data: cdn.radiall.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net distributors.radiall.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com cdn.radiall.com *.cookiebot.com *.livechatinc.com distributors.radiall.com https://player.vimeo.com https://www.youtube-nocookie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu cdn.radiall.com *.cookiebot.com *.linkedin.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.radiall.com *.livechatinc.com *.bc0a.com api.brightedge.com snap.licdn.com *.linkedin.oribi.io *.googletagmanager.com *.google-analytics.com analytics.google.com *.doubleclick.net *.cookiebot.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.avada.io https://player.vimeo.com https://www.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.radiall.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.googleapis.com cdn.radiall.com *.linkedin.com *.bc0a.com api.brightedge.com *.google-analytics.com *.doubleclick.net *.cookiebot.com *.linkedin.oribi.io analytics.google.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://n5mcn64l2tp5piztj1c2b0wj.httpschecker.net/report 1 font-src https://cdn.livechatinc.com https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://fonts.gstatic.com https://click2mail.cloudflareaccess.com/ data: https://staticw2.yotpo.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://td.doubleclick.net/ https://v3mdvz78qnm1.statuspage.io/ https://industry-templates.click2mail.com/ https://templates.click2mail.com/ https://stage-industry-templates.click2mail.com/ https://stage-templates.click2mail.com/ https://dev-industry-templates.click2mail.com/ https://dev-templates.click2mail.com/ https://click2mail.kayako.com/ https://amc.demdex.net/ https://forms.helpdesk.com/ https://click2mail.kb.help/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://secure.livechatinc.com https://www.youtube.com https://s7.addthis.com https://imgs.signifyd.com/ https://h.online-metrix.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://compliancy-group.com/ https://notify.bugsnag.com/ https://google.com/ https://www.google.com/ https://www.google.co.in/ https://click2mail.kayako.com/ https://assets.kayako.com/ https://templates.click2mail.com https://stage-templates.click2mail.com/ https://dev-templates.click2mail.com/ https://img.youtube.com/ https://zapier-images.imgix.net https://zapier.com https://seal-dc-easternpa.bbb.org https://i0.wp.com https://click2mail.wpcomstaging.com/ https://i0.wp.com/click2mail.wpcomstaging.com/ https://industry-templates.click2mail.com/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://click2mail.com/ https://click2mail.cloudflareaccess.com/ https://www.click2mail.com/ https://data.pendo.io https://blog.click2mail.com https://dev-blog.click2mail.com/ https://stage-blog.click2mail.com/ https://p.yotpo.com/ https://cdn-yotpo-images-production.yotpo.com/ https://yotpo-editor-production.s3.amazonaws.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://amcglobal.sc.omtrdc.net https://imgs.signifyd.com/ https://cdn.klarna.com/ https://store.paradoxlabs.com/ https://sealserver.trustwave.com/ https://w2txo5aane2loy5fxwduxmtkesjvfskqugiqazyy7eb55235936d6b30am1.e.aa.online-metrix.net/ store.paradoxlabs.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://googleads.g.doubleclick.net/ https://google.com/ https://status.click2mail.com/ https://click2mail.kayakocdn.com/ https://assets.kayako.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://click2mail.kayako.com/ wss://kre.kayako.net/ https://api-public.addthis.com/ https://cdn.calltrk.com/ https://js.calltrk.com/ https://zapier.com/ https://cdn.zapier.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com https://ekr.zendesk.com/ http://cdn.livechatinc.com/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://maps.googleapis.com/ https://www.google.com https://api.livechatinc.com https://cdn.livechatinc.com https://cdn4.mxpnl.com/ https://static.zdassets.com/ https://www.googletagmanager.com/ https://imgs.signifyd.com/ https://secure.livechatinc.com https://cdn.pendo.io https://data.pendo.io https://ajax.cloudflare.com/ https://d2z0bn1jv8xwtk.cloudfront.net https://staticw2.yotpo.com https://s7.addthis.com https://z.moatads.com https://static.cloudflareinsights.com/ https://v1.addthisedge.com https://m.addthis.com https://apis.google.com *.cardinalcommerce.com https://sealserver.trustwave.com/ https://click2mail.cloudflareaccess.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.zapier.com/ https://fonts.googleapis.com/ https://click2mail.cloudflareaccess.com/ https://staticw2.yotpo.com/ https://dev.click2mail.com/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ *.fontawesome.com downloads.mailchimp.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://click2mail.kayakocdn.com/ https://google.com/ https://assets.kayako.com/ https://js.calltrk.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://click2mail.kayako.com/ wss://kre.kayako.net/ https://api-public.addthis.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://ekr.zendesk.com/ https://zendesk-eu.my.sentry.io/ https://zapier.com/ https://api.zapier.com/ https://dev.click2mail.com/ https://data.pendo.io/ https://stage.click2mail.com/ https://www.click2mail.com/ https://click2mail.com/ https://m.addthis.com/live/ https://jstest.authorize.net https://staticw2.yotpo.com/ https://maps.googleapis.com/ https://api.livechatinc.com https://amcglobal.sc.omtrdc.net https://ekr.zdassets.com/ https://click2mail.zendesk.com/ https://imgs.signifyd.com/ https://www.google-analytics.com/ https://cdn4.mxpnl.com/ https://get.geojs.io *.avada.io *.authorize.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-tuEjD23u4m_s2HQLb4Swjg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' static.addtoany.com secure.gravatar.com fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com script.addtoany.com static.addtoany.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: jigsaw.w3.org www.w3.org www.google-analytics.com ssl.google-analytics.com www.linkedin.com static.addtoany.com s.w.org secure.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' static.addtoany.com; report-uri https://bishnet.report-uri.io/r/default/csp/reportOnly; 1 object-src 'none';base-uri 'self';script-src 'nonce-Pgc4foOCLLniri5lsSWR7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' cloud.ccm19.de; script-src 'self' 'unsafe-inline' consentcdn.cookiebot.com www.google-analytics.com www.googletagmanager.com consent.cookiebot.com data: boniversum.botcamp.ai www.gstatic.com cloud.ccm19.de code.etracker.com www.etracker.de eval mailto connect.facebook.net wasm-eval chrome-extension fonts.gstatic.com translate.google.com; connect-src 'self' 'unsafe-inline' consentcdn.cookiebot.com www.google-analytics.com data: consent.cookiebot.com www.googletagmanager.com boniversum.botcamp.ai cloud.ccm19.de www.etracker.de eval boniversum-dsp.botcamp.ai fonts.gstatic.com; frame-src 'self' 'unsafe-inline' consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com consent.cookiebot.com boniversum.botcamp.ai data: code.etracker.com meinboniversum.de mozbar.moz.com; child-src 'self' 'unsafe-inline' consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com boniversum.botcamp.ai data: consent.cookiebot.com translate.google.com; img-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com data: consent.cookiebot.com www.youtube.com boniversum.botcamp.ai cloud.ccm19.de wasm-eval fonts.gstatic.com translate.googleapis.com; media-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' www.google-analytics.com boniversum.botcamp.ai www.googletagmanager.com data: consent.cookiebot.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com boniversum.botcamp.ai www.google-analytics.com www.gstatic.com consent.cookiebot.com data: cloud.ccm19.de 1 object-src 'none';base-uri 'self';script-src 'nonce-AKMXJqzI8wBz3HTP9JTSWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src 'self' fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com https://cdn.rawgit.com https://platform.twitter.com https://vjs.zencdn.net maps.googleapis.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' cdn.optimizely.com *.googletagmanager.com widgets.muuuh.de cookiehub.com *.cookiehub.com *.cookiehub.eu *.youtube.com www.google-analytics.com acdn.adnxs.com bat.bing.com *.hotjar.com *.doubleclick.net s.pinimg.com *.facebook.net https://js.adsrvr.org https://diffuser-cdn.app-us1.com https://c5.adalyser.com https://secure.adnxs.com *.tiktok.com https://s.pinimg.com https://prism.app-us1.com *.googleadservices.com https://cdn.mookie1.com https://trackcmp.net https://ct.pinterest.com https://js.stripe.com data.my.permaleads.ch https://cdn.rawgit.com https://platform.twitter.com https://vjs.zencdn.net maps.googleapis.com; style-src 'self' https://cdn.jsdelivr.net https://vjs.zencdn.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' cookiehub.com *.cookiehub.com *.cookiehub.eu fonts.googleapis.com https://cdn.jsdelivr.net https://vjs.zencdn.net; frame-ancestors 'self' https://www.youtube.com; report-uri https://www.worldvision.de/report-uri/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-bG1SwrZVqDHkLgi-AAfVJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.dpdconnect.nl js.mollie.com *.sendcloud.sc *.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://belco-prod.s3-eu-central-1.amazonaws.com https://www.mollie.com *.amazonaws.com www.magmodules.eu *.squeezely.tech ts.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.belco.io https://*.dpdconnect.nl *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com js.mollie.com chimpstatic.com *.newrelic.com *.sendcloud.sc *.jsdelivr.net squeezely.tech www.squeezely.tech *.squeezely.tech tm.tradetracker.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.sooqr.com *.spotlersearch.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://integrations.etrusted.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com wss://chat.belco.io https://cdn.belco.io https://get.geojs.io *.avada.io *.nr-data.net *.newrelic.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com squeezely.tech *.squeezely.tech *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.googletagmanager.com https://customcheckout-uat.bambora.net.au https://customcheckout.bambora.com.au https://www.facebook.com https://www.google.com https://www.google.com.au https://secure.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net *.ftcdn.net *.behance.net data: https://www.google.com https://www.google.com.au https://analytics.sleeknote.com https://cdn.na.bambora.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.livechatinc.com https://api.livechatinc.com https://sc.lfeeder.com https://js-agent.newrelic.com https://sleeknotecustomerscripts.sleeknote.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://hosted.mastersoftgroup.com https://customcheckout-uat.bambora.net.au https://customcheckout.bambora.com.au https://www.dwin1.com https://sleeknotestaticcontent.sleeknote.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://www.google.com https://www.google.com.au https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://bam.nr-data.net https://hosted.mastersoftgroup.com https://api.livechatinc.com https://www.google.com https://www.google.com.au https://www.googleadservices.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-4sT3nahZcLQqFLBuZ_haLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mQvuO-FoxQJRKCuhmxNjxg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-jdOV3_HPg6615nKe5rqGtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-HG7f4iPusN1XDnRI3bZ8JLr20Loaxm7yUVG+t4644bs='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-UL1zwlLqowI2_Cl1beVzmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-4OZhI7DBkc5hp2Jz-xSyGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-YZVMk9Hp0Iz8YeVsq2or1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--2srVZw6djGzqDWjfEUi7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-h8Ocv-pvwdrWC6iHzV4OSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QUCSiy2EkCIRtG31EiU5oQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Qm4pcMYpDyhWvD-F8XI8zw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MqqLaqgSSfEd0yOCkQDG0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FEWYuYbmBOwJwNNozAPyZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-HEshK1gb-qpfxeKXn9ZyVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-UtZqtKMEhyUwyx7UbX3O7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-YE67QyLQM2JAJZ_uOW2Rhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XeT7SbsJq4KuLLifWEi_Tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src client.diffuse.tools widget.freshworks.com 'self' stats.g.doubleclick.net www.google-analytics.com; img-src s.w.org www.googletagmanager.com 'self' data: px.ads.linkedin.com secure.gravatar.com www.google-analytics.com www.google.com www.google.nl; script-src-elem cdn.mxpnl.com widget.freshworks.com 'self' 'unsafe-inline' www.googletagmanager.com code.diffuse.nl cdnjs.cloudflare.com checkout.stripe.com snap.licdn.com www.google-analytics.com; report-uri https://whatsit.report-uri.com/r/d/csp/wizard 1 object-src 'none';base-uri 'self';script-src 'nonce-UiAN7hEmJQ7_W6k6bXFs0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.zdassets.com cdn.brcdn.com *.googleapis.com *.google-analytics.com *.google.com *.trustpilot.com *.newrelic.com bam.nr-data.net *.amazonaws.com *.jquery.com fonts.fontawesome.com fonts.gstatic.com use.fontawesome.com sarnova-dev.s3.amazonaws.com *.akstat.io 1 object-src 'none';base-uri 'self';script-src 'nonce-flEObrB7ntyXO5csiYr-yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6nfwDJOy9eQhFuteG7Iolg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-o5J7cnMdpI0Xe7YXpJxl9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yp0jv_5sJCIc0nNqUsPZ7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-jzOk4bkcG1B04Om3VK2yUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-DxB7W7XE0Wy-soHK3HXDAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2DkMRwzIebvIxdgD4ren-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-xYcUZY_kPlud7VcfeZ-daQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests; default-src 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.googletagmanager.com connect.facebook.net platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com s.ytimg.com; script-src-elem 'self' data: 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com translate.google.com; connect-src 'self' data: 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com; img-src 'self' data: blob: mosaico.io *.google.com *.googleapis.com *.gstatic.com www.facebook.com *.twitter.com *.twimg.com yt3.ggpht.com i.ytimg.com *.mailchimp.com *.global.ssl.fastly.net nwu.org; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; frame-src 'self' data: *.google.com www.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com *.soundcloud.com *.vimeo.com; worker-src 'self' data: blob: platform.twitter.com www.facebook.com www.youtube.com cdn.gtranslate.net 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.cloudfront.net t.contentsquare.net *.googleapis.com files.survalyzer.swiss p.brsrvr.com *.marketo.com ideadigitalasset.com www.ideadigitalcontent.com survalyzer.survalyzer.swiss cdns.brsrvr.com *.azureedge.net runtimeapi.survalyzer-swiss.app *.gstatic.com www.vikingelectric.com *.facebook.com images.tradeservice.com www.google-analytics.com k-us1.az.contentsquare.net *.doubleclick.net munchkin.marketo.net dc.services.visualstudio.com c.az.contentsquare.net *.mktoresp.com media.distributordatasolutions.com www.googletagmanager.com *.adsrvr.org *.msecnd.net cdn.jsdelivr.net nexus.ensighten.com analytics.formstack.com *.windows.net digitalcontentcenter.compas.siemens-info.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.livechatinc.com *.plyr.io https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.net *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.iubenda.com *.googletagmanager.com *.pinterest.com *.livechatinc.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.klarna.com https://www.googletagmanager.com/ secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.iubenda.com pixel.mathtag.com sync.mathtag.com *.trustedshops.com *.linkedin.com *.google.de *.facebook.net *.facebook.com *.livechatinc.com *.yahoo.com *.truoptik.com *.pinterest.com maps.gstatic.com *.doubleclick.net *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarna.com *.klarnaevt.com *.klarnacdn.net cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.iubenda.com chimpstatic.com *.roomvo.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.googletagmanager.com *.klarna.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ downloads.mailchimp.com *.list-manage.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.avada.io secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://widgets-qa.trustedshops.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com downloads.mailchimp.com https://widgets.trustedshops.com https://integrations.etrusted.com *.klarnacdn.net d.ratepay.com d.payla.io dr.payla.io unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.iubenda.com *.roomvo.com chimpstatic.com *.trustedshops.com *.livechatinc.com *.cloudflare.com *.getsitecontrol.com *.pinimg.com *.mouseflow.com *.doubleclick.net *.licdn.com *.facebook.net *.facebook.com *.yimg.com *.teads.tv *.pinterest.com *.getsitectrl.com *.googletagmanager.com *.linkedin.oribi.io *.linkedin.com *.klarnaevt.com *.klarna.com *.noembed.com *.plyr.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.etrusted.com *.klarnacdn.net *.klarnaservices.com ekr.zdassets.com/ https://get.geojs.io *.avada.io payments.amazon.de d.ratepay.com jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://unpkg.com *.typekit.net downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.icomoon.io egwguns.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.reviews.io *.reviews.co.uk *.facebook.com egwguns.com 'self' 'unsafe-inline'; frame-ancestors egwguns.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net *.subconvertize.com https://imgs.signifyd.com *.dotdigital-pages.com *.dotdigital.com *.reviews.io *.reviews.co.uk landofcoder.com *.js.stripe.com https://googleads.g.doubleclick.net egwguns.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com http://img.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com *.subconvertize.com https://*.online-metrix.net *.googleapis.com *.gstatic.com validate.fishpig.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com https://redchamps.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.bing.com *.google.co.in *.facebook.com https://googleads.g.doubleclick.net egwguns.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com *.subconvertize.com data: *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net *.reviews.io *.reviews.co.uk landofcoder.com *.addtoany.com *.bing.com *.zdassets.com *.facebook.com https://unpkg.com https://googleads.g.doubleclick.net https://connect.facebook.net egwguns.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.icomoon.io https://googleads.g.doubleclick.net data: egwguns.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com egwguns.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.subconvertize.com https://imgs.signifyd.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.get.geojs.io *.avada.io http://dpm.demdex.net *.authorize.net *.cloudfront.net *.reviews.io *.reviews.co.uk landofcoder.com *.zendesk.com *.zdassets.com *.bing.com https://yedelec.sbs/ *.api.purechat.com https://stats.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.paypalobjects.com *.demdex.net *.signifyd.com https://genstech.shop https://googleads.g.doubleclick.net egwguns.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com egwguns.com http: https: blob: 'self' 'unsafe-inline'; default-src egwguns.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none' ; base-uri 'self' ; font-src 'self' https://fonts.gstatic.com https://www.booxi.eu; manifest-src 'self' ; media-src 'self' ; frame-ancestors 'self' ; worker-src 'none' ; report-uri /api/csp-reports ; connect-src 'self' https://cognito-idp.eu-west-3.amazonaws.com https://maps.googleapis.com https://api.opngo.com https://static.indigoneo.eu; frame-src 'self' https://www.booxi.eu https://trxb26zqxg.execute-api.eu-west-3.amazonaws.com https://payment.opngo.com https://webpayment.payline.com https://secure.ogone.com https://payment.direct.ingenico.com https://api.opngo.com https://now.opngo.com https://assets.opngo.com https://v2-sim.preprod.psp-solutions.com https://methodurl.psp-solutions.com; 1 script-src 'nonce-XDD+U7RaOZr4Pr2IV5wRyA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=IhtFzGbkZDmK0C316pB4ktc646L0zMdqAgMyC8QXd9MW0d9v6W3omXdihnO0sNU1dplmIQ==&policy_id=10&user_id=&request_id=d447bda8-fdc7-460f-8bd4-8b866d505d5b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: http://cnt.invoicebox.ru; font-src https: data:; report-uri /csp-report 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es https://redchamps.com maps.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es maps.googleapis.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://consentcdn.cookiebot.eu/ https://www.google.com/ https://www.jsctool.com/ https://secure.pay1.de/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com js.playground.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudfront.net https://stats.g.doubleclick.net/ https://www.googleadservices.com/ http://www.google.com/ads/ http://www.google.de/ads/ https://www.google-analytics.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.pay1.de x.klarnacdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.cookiebot.eu/ *.google-analytics.com https://www.googletagmanager.com/ https://secure.pay1.de/ *.ratepay.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://www.gstatic.com unsafe-inline assets.braintreegateway.com d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://consentcdn.cookiebot.eu/ https://stats.g.doubleclick.net/ https://*.google-analytics.com/ *.ratepay.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com payments.amazon.de d.ratepay.com jsctool.com eu.playground.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src *.googleapis.com *.facebook.net *.facebook.com *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.googletagservices.com *.googlesyndication.com *.googletagmanager.com api.annies-publishing.com *.attn.tv *.attentivemobile.com cdn.polyfill.io *.kaptcha.com *.securedvisit.com cdn.jsdelivr.net *.akamaihd.net *.audioeye.com *.clarity.ms mptyxz.annieskitclubs.com *.liadm.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob://* data://*; connect-src *.googleapis.com *.facebook.net *.facebook.com *.typekit.net *.pingdom.net *.pinterest.com *.google.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.gstatic.com seal-easttexas.bbb.org *.brightcove.com *.brightcove.net *.eccmp.com *.annies-publishing.com *.zencdn.net *.bing.com code.jquery.com *.shareasale.com *.emjcd.com *.googletagservices.com *.googlesyndication.com *.googletagmanager.com api.annies-publishing.com *.attn.tv *.attentivemobile.com cdn.polyfill.io *.kaptcha.com *.securedvisit.com cdn.jsdelivr.net *.akamaihd.net *.audioeye.com *.clarity.ms mptyxz.annieskitclubs.com *.liadm.com 'self'; report-uri /ajax/content_policy_violation.php 1 report-uri /csp-report; default-src 'self' https://shop.stpancras.com https://google.co.uk https://www.google.co.uk https://www.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://*.hotjar.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://createsend.com https://maps.googleapis.com https://settings.luckyorange.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com wss://ws.hotjar.com https://*.google.co.uk https://*.doubleclick.net; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://widget-3bcbfadb1b0e462e809ce25304fd6efd.elfsig.ht https://map.stpancras.com https://*.doubleclick.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com img.fat.dev; manifest-src 'self'; media-src 'self'; worker-src 'self'; upgrade-insecure-requests 1 object-src 'none';base-uri 'self';script-src 'nonce-fPNdbB02-DDeN0_aViVJew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-iITJIZT_9C9lhoIe4o-hag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-SLJbK2MbmOlFnGoZEOqBVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' https://cdn.jsdelivr.net https://js.stripe.com https://unpkg.com https://www.google-analytics.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 font-src *.sagepay.com *.bglobale.com *.global-e.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.gstatic.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com *.ipg-online.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com *.fls.doubleclick.net *.sagepay.com account.fetchify.com *.bglobale.com *.global-e.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.googleapis.com *.google.com *.newrelic.com *.facebook.com *.nr-data.net meetanshi.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com www.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.awin1.com *.zenaps.com https://cdn.clerk.io *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.bglobale.com *.global-e.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com meetanshi.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.cookiepro.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://api.clerk.io https://cdn.clerk.io *.sagepay.com *.bglobale.com *.global-e.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com *.googleapis.com *.google.com *.newrelic.com *.nr-data.net *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.onetrust.com *.hsforms.net *.hsforms.com *.arcot.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com www.xtento.com cdn.xtento.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.sagepay.com cc-cdn.com *.bglobale.com *.global-e.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com *.facebook.com *.ipg-online.com *.arcot.com *.hsforms.net *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com https://the.sciencebehindecommerce.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.googleapis.com *.newrelic.com *.nr-data.net *.hotjar.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.hsforms.net *.unpkg.com *.hscollectedforms.net *.arcot.com *.hsforms.com *.hubspot.com *.embedsocial.com *.ometria.com *.clarity.ms *.twitter.com *.pinterest.com cdn-ometria-com.s3.eu-west-1.amazonaws.com *.google.co.uk bat.bing.com *.hotjar.io embedsocial.com *.cookiebot.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com data: https://fonts.gstatic.com *.gstatic.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.xtento.com https://*.google.com *.google.com *.google.com.ua *.google.co.uk https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.weltpixel.com *.freshchat.com https://d2ctti3psvmpb4.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://*.gstatic.com *.googleapis.com store.paradoxlabs.com www.xtento.com cdn.xtento.com blueskytechmage.com mageblueskytech.com placehold.jp ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com stats.g.doubleclick.net *.listrakbi.com *.videoly.co *.brandlock.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net https://player.vimeo.com https://www.youtube.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.clikdata.com *.freshchat.com *.listrakbi.com *.videoly.co d2ctti3psvmpb4.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com *.googleapis.com *.googletagmanager.com *.fontawesome.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.freshchat.com *.listrakbi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com ekr.zdassets.com/ *.google-analytics.com *.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.facebook.com 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com pay.google.com consentcdn.cookiebot.com www.youtube.com vimeo.com *.facebook.com https://www.yumpu.com/ *.snapchat.com *.doubleclick.de *.doubleclick.ne *.doubleclick.net *.sc-static.net sc-static.net *.container.webgains.link 3dsecure.nexi.it *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.recaptcha.net *.google.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.nexigroup.com *.redsys.es *.sia.eu *.vinea.es *.ing.ro *.landbank.com *.eewosecure.com *.sibs.ro *.mercurypaymentservices.it *.netsgroup.com *.cic.fr *.creditmutuel.fr *.modirum.com *.secure.lcl.fr *.arcot.com www.securesuite.co.uk *.wlp-acs.com *.otpbank.hu *.3ds-hanseaticbank.de *.abanca.com *.securesuite.co.uk *.revolut.com *.apata.io *.ing.com *.psa.at *.stripeauthentications.com www.secure22gw.ro *.secure22gw.ro *.winbank.gr *.piraeusbank.gr www.rsa3dsauth.co.uk *.n26.com *.egcp.com *.cardcomplete.com *.sibs.pt *.swedbank.se *.3dsecure.no *.citibank.pl 3dsecure-vrp.de *.3dsecure-vrp.de *.consorsfinanz.de *.emlpayments.com *.bnpparibas.pl *.pluscard.de *.sgb.pl *.cm-cic.com *.edb.com *.cyris.com *.garantibank.ro *.kombank.com:8449 *.pkobp.pl *.sebkort.com *.enfuce.com:* *.cardcenter.ch *.bankmillennium.pl *.nbg.gr *.easybank.at *.bpcprocessing.com *.capitalone.com *.kbcard.com *.sparebank1.no *.viseca.ch *.luottokunta.fi *.csi-processing.com *.cld.asseco-see.hr *.bankid.no *.ibotta.com *.cardinalcommerce.com *.marqeta.com *.raiffeisen.hu *.fisglobal.com *.3debspay.boc.cn *.btrl.ro *.sparkassen-kreditkarten.de *.firstdata.de *.bonuscard.ch *.cornercard.ch *.dkb.de *.sparkasse.at *.uobgroup.com *.bkm.com.tr *.garanti.com.tr *.acb.com.vn:* *.borica.bg *.hdbank.com.vn:* *.kredobank.com.ua *.mbank.pl *.s-id-check-sparkassen.de *.six-group.com *.sbanken.no *.credit-agricole.pl *.samsungcard.com *.mycardplace.com *.otpbanka.hr *.apac.citibank.com *.monzo.com *.alinma.com *.rsa3dsauth.com rsa3dsauth.com easyabc.95599.cn *.easyabc.95599.cn *.bov.com *.ipc.kg *.oschadbank.ua *.qnb.com *.seglan.com *.placetopay.com *.postfinance.ch *.leobank.az *.maybank.com.sg *.raiffeisenbank.rs *.tatrabanka.sk *.ocbc.com *.cupdapp.cn *.fssnet.co.in *.gc.ge *.luminorgroup.com *.swisscard.ch *.targobank.de *.bankofafrica.ma *.rba.hr *.privatbank.ua *.3dsecure-csas.cz *.smartsecure.tsys.co.uk *.ccb.com.cn *.2c2p.com *.bci.cl *.commerzbank.de mycardsecure.com *.mycardsecure.com *.citadele.lv *.creditcard.ecitic.com *.monext.fr *.pekao24.pl *.nonghyup.com *.acs.cmbchina.com *.comdirect.de *.mutuauniversal.net *.centrum24.pl *.acdcproc.com *.akbank.com.tr *.paylife.at *.hanacard.co.kr:* *.ufc.ge *.gpesecure.com *.cafis-paynet.jp *.lloydsbankinggroup.com *.mitid.dk *.nccc.com.tw *.cebbank.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net commerce.adobe.io widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.sharethis.com *.gigya.com 'self' data: 'unsafe-inline' data: *.magentosite.cloud panini.it *.googleapis.com *.gstatic.com bam.nr-data.net www.panini.it www.paninibelgium.com www.panini.co.il www.panini.es www.panini.co.uk www.panini.fr www.panini.ch www.panininederland.com www.paninihungary.com www.panini.pl www.paniniportugal.com www.paninistore.com www.panini.ro www.panini.com.gr www.panini.de collectibles.paniniamerica.net www.paninisuomi.com www.paninisverige.com www.paninidanmark.com www.panininorge.com *.bing.com ib.adnxs.com *.facebook.com *.tiktok.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.cookiebot.com *.doubleclick.net *.google.com *.google.it *.google.fr *.google.es *.google.be *.twitter.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.sharethis.com jquery.sellxed.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gigya.com https://cdnjs.cloudflare.com *.panini.it *.facebook.net *.googleapis.com js-agent.newrelic.com bam.eu01.nr-data.net bam.nr-data.net consent.cookiebot.com consentcdn.cookiebot.com *.clarity.ms cdn.noibu.com wss://*.noibu.com https://*.noibu.com *.queue-it.net *.bing.com *.sc-static.net sc-static.net *.adnxs.com *.acdn.adnxs.com acdn.adnxs.com https://players.yumpu.com *.snapchat.com *.facebook.com *.connect.facebook.net connect.facebook.net *.ads-twitter.com *.google.com *.google.it *.recaptcha.net *.tiktok.com analytics.webgains.io *.webgains.link *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'unsafe-inline' data: *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com js-agent.newrelic.com *.panini.it *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.collectibles.paniniamerica.net *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.adyen.com *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.panini.it *.gigya.com *.pnn.webformat.cloud *.googleapis.com consentcdn.cookiebot.com consent.cookiebot.com *.facebook.com google.com/pay pay.google.com wss://*.noibu.com https://*.noibu.com bam.nr-data.net paninitutor-be-stage.nw.r.appspot.com paninitutor-be-prod.nw.r.appspot.com clarity.ms *.clarity.ms paniniadrenalyn.com *.paniniadrenalyn.com paninitutor-be-stage.appspot.com paninitutor-be-prod.appspot.com *.snapchat.com *.google.com *.google.it *.doubleclick.net *.pagead2.googlesyndication.com *.tiktok.com *.webgains.io *.paninibelgium.com *.panini.co.il *.panini.es *.panini.co.uk *.panini.fr *.panini.ch *.panininederland.com *.paninihungary.com *.panini.pl *.paniniportugal.com *.paninistore.com *.panini.ro *.panini.com.gr *.panini.de *.paninisuomi.com *.paninisverige.com *.paninidanmark.com *.panininorge.com *.paniniamerica.net *.bing.com *.google.fr *.google.es *.google.be *.googlesyndication.com *.store-cdc-us-collectibles.collectibles.paniniamerica.net *.cardinalcommerce.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src wss://*.noibu.com https://*.noibu.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';report-uri https://www.panini.co.uk/shp_gbr_en/webformat_csptools/report/; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com https://static.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.facebook.com/tr/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://asistenciawebv2.grupokonecta.co https://api.retargetly.com https://cookieless-campaign.prd-00.retargetly.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://asistenciawebv2.grupokonecta.co https://bucket-poa-images-prod.s3.amazonaws.com https://static.hotjar.com https://alpina.com https://mcprod.alpina.com https://patleeman.github.io http://patricklee.nyc https://www.google.com.co https://www.pages02.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://developer.adobe.com https://magento.com https://asistenciawebv2.grupokonecta.co https://poa.cognitivegrupokonectacloud.com:7072/assets/Bridge.js https://code.jquery.com/ https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbChatAlpina/js/iframe-poa.js https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbClickToCallAlpina/js/iframe-poa.js https://static.hotjar.com https://js-agent.newrelic.com https://www.sc.pages02.net https://asistenciawebv2.grupokonecta.co:8443/EbChatAlpina/js/iframe-poa.min.js https://connect.facebook.net https://static.ads-twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://static.hotjar.com https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbChatAlpina/css/iframe-poa.css https://asistenciawebv2-dev.grupokonecta.co:5005/CustomerAlpina/EbClickToCallAlpina/css/iframe-poa.css https://asistenciawebv2.grupokonecta.co https://asistenciawebv2.grupokonecta.co:8443/EbChatAlpina/css/iframe-poa.min.css https://asistenciawebv2.grupokonecta.co:8443/EbClickToCallAlpina/css/iframe-poa.min.css unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://developer.adobe.com http://stats.g.doubleclick.net http://www.google-analytics.com/ https://poa.cognitivegrupokonectacloud.com:7072 https://json.geoiplookup.io https://static.hotjar.com https://api.ipify.org https://bam.nr-data.net https://edge.adobedc.net https://pdp-service.retargetly.com https://analytics.google.com wss://ws.hotjar.com https://analytics.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://static.hotjar.com https://static.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-AvRp7jr2VXu8N4GC8q82fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.publicstuff.com *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com connect.facebook.net static.addtoany.com https://widgets.nrel.gov *.openstreetmap.org cdn-images.mailchimp.com platform.twitter.com blob:; object-src 'self' 'unsafe-inline' 'unsafe-eval' translate.googleapis.com iframe.publicstuff.com; style-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com *.ctctcdn.com cdn-images.mailchimp.com data: *.typekit.net; img-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civicclerk.com *.civic.place engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov www.facebook.com *.openstreetmap.org cdn-images.mailchimp.com i.ytimg.com data:; media-src 'self' translate.googleapis.com iframe.publicstuff.com data:; frame-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; frame-ancestors 'self' *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com; child-src 'self' 'unsafe-inline' iframe.publicstuff.com *.youtube.com *.airtable.com *.swagit.com *.google.com *.civicplus.com *.novusagenda.com *.publicstuff.com *.audioeye.com acg.is *.maps.arcgis.com https://www.google.com/maps/embed *.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed static.addtoany.com www.facebook.com m.facebook.com my.matterport.com ltfl.librarything.com player.vimeo.com *.granicus.com data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com user.govoutreach.com syndication.twitter.com data: *.typekit.net; connect-src 'self' 'unsafe-inline' iframe.publicstuff.com *.civicplus.com *.civicplus.pro *.civic.place *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdnjs.cloudflare.com static.cloudflareinsights.com stats.g.doubleclick.net; report-uri /report-csp-violation 1 default-src 'self'; font-src 'self' *.typekit.net *.gstatic.com https://widget.whisbi.com https://maxcdn.bootstrapcdn.com data:; script-src 'self' *.typekit.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.facebook.net *.ads-twitter.com https://wurfl.io https://config1.veinteractive.com https://static.whisbi.com https://px.veinteractive.com https://api.ipify.org https://library.whisbi.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com widget.whisbi.com https://nebula-cdn.kampyle.com https://www.irishlife.ie https://script.crazyegg.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://asset.gomoxie.solutions https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com https://cdn.cookielaw.org/scripttemplates/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://rules.quantcount.com/rules-p-YVPTYyQxqBHy-.js https://analytics.twitter.com/i/ https://cdn.cookielaw.org/consent/f16f9427-5e76-4da0-81ad-7617fbf6cdf4/OtAutoBlock.js https://cdn.cookielaw.org/ https://bat.bing.com/ https://cdn.cookielaw.org/ https://cdnjs.cloudflare.com/ https://googleads.g.doubleclick.net/ https://platform.twitter.com/ https://player.vimeo.com/ https://rules.quantcount.com/ https://script.crazyegg.com/ https://secure.quantserve.com/ https://static.ads-twitter.com/ https://www.google-analytics.com/ https://www.pagespeed-mod.com/ https://www.permanenttsb.ie/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.typekit.net https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widget.whisbi.com https://www.irishlife.ie https://script.crazyegg.com *.gomoxie.solutions https://config1.veinteractive.com/scripts/ https://cdn.honey.io/ https://md-scp.kampyle.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ 'unsafe-inline'; frame-src 'self' *.googletagmanager.com *.google.com *.vimeo.com *.fls.doubleclick.net https://www.irishlife.ie https://config1.veinteractive.com https://script.crazyegg.com *.fls.doubleclick.net https://nebula-cdn.kampyle.com *.gomoxie.solutions https://permanenttsb.ehosts.net https://pay.realexpayments.com/ https://block.opendns.com/ https://filter.techloq.com/ https://gateway.zscalerthree.net/ https://gateway.zscalertwo.net/ https://td.doubleclick.net/ https://www.youtube.com/ https://zscaler-blockpage.endress.com/ https://zswpmanager.wip.mmc.com/;img-src 'self' *.google.ie *.typekit.net *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.fls.doubleclick.net https://stats.g.doubleclick.net https://udc-neb.kampyle.com data: about: https://a.volvelle.tech https://x.bidswitch.net https://cookiee1.veinteractive.com https://www.irishlife.ie https://nebula-cdn.kampyle.com https://moxie-concierge.s3.amazonaws.com https://asset.gomoxie.solutions https://bat.bing.com/action/ https://t.co/i/ https://www.google.co.uk/pagead/ https://pixel.quantserve.com/ https://px.ads.linkedin.com/ https://www.facebook.com/tr/ https://p.adsymptotic.com/d/px/ https://www.linkedin.com/px/ https://www.google.co.uk/ads/ https://cdn.cookielaw.org/logos/ https://ad.doubleclick.net/ddm/ https://www.googletagmanager.com/ https://px4.ads.linkedin.com/ https://analytics.twitter.com/ https://ad.doubleclick.net/https://analytics.twitter.com/ https://i.vimeocdn.com/ https://i.ytimg.com/ https://lh3.ggpht.com/ https://pixel.quantserve.com/ https://prreqcroab.icu/ https://t.co/ https://udc-neb.kampyle.com/ https://www.google.ae/ https://www.google.at/ https://www.google.be/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.il/ https://www.google.co.in/ https://www.google.co.nz/ https://www.google.co.th/ https://www.google.co.uk/ https://www.google.com/ https://www.google.com.ar/ https://www.google.com.au/ https://www.google.com.br/ https://www.google.com.co/ https://www.google.com.gi/ https://www.google.com.kh/ https://www.google.com.ng/ https://www.google.com.pe/https://www.google.com.sa/ https://www.google.cz/ https://www.google.de/ https://www.google.ee/ https://www.google.es/ https://www.google.fr/ https://www.google.gr/ https://www.google.hu/ https://www.google.im/ https://www.google.it/ https://www.google.lu/ https://www.google.nl/ https://www.google.pl/ https://www.google.pt/ https://www.google.ro/ https://www.permanenttsb.ie/ https://ad.doubleclick.net/;connect-src 'self' *.typekit.net *.google-analytics.com https://www.google.co.uk/ads/ https://bats.bing.com https://analytics.google.com/ https://privacyportal-de.onetrust.com https://cookiee1.veinteractive.com https://api.whisbi.com https://sessionapi.veinteractive.com https://dtrc.veinteractive.com https://apps.irishlife.ie https://script.crazyegg.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.gomoxie.solutions https://asset.gomoxie.solutions https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/scripttemplates/ https://panel-settings-cdn-e1.ve.com/panelsettings/live/ https://stats.g.doubleclick.net/ https://panel-settings-cdn-e1.ve.com https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://fontawesome.com/ https://cookies-data.onetrust.io/bannersdk/ https://panel-settings-cdn-e1.veinteractive.com/da20settings/live/ https://region1.analytics.google.com/g/ https://drs2.veinteractive.com/ https://bat.bing.com/actionp/ https://adservice.google.com/ https://api.blocksly.org/ https://api.datacloudstat.com/ https://api.solarspireconsulting.com/ https://maps.googleapis.com/ https://pixel.quantcount.com/ https://stats.g.doubleclick.net/ https://translate.googleapis.com/ https://wurfl.io/ https://www.google.ie/ https://cdn.cookielaw.org/ ;worker-src 'self' blob:;object-src 'self' blob:; report-uri /api/contentSecurityPolicy/log 1 font-src https://cdn.checkout.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com cdn.beautyamora.com cdn.beautyamora.com.au cdn.beautyamora.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.beautyamora.com cdn.beautyamora.com.au g-image.beautyamora.com cdn.beautyamora.co.uk *.google.com.hk *.pinterest.com c.clarity.ms c.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://cdn.checkout.com *.klarnacdn.net yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cdn.beautyamora.com cdn.beautyamora.com.au cdn.beautyamora.co.uk *.helpscout.net *.g.doubleclick.net *.pinimg.com *.pinterest.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com unsafe-inline cdn.beautyamora.com cdn.beautyamora.com.au cdn.beautyamora.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://js.checkout.com *.klarnaevt.com yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cdn.beautyamora.com cdn.beautyamora.com.au cdn.beautyamora.co.uk *.g.doubleclick.net *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-DSz_YEZKW8yQQExpAMYdyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ZgNwXxpZPuFtjirk6kVKfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 upgrade-insecure-requests;default-src 'self';script-src 'self' 'unsafe-inline' https://file-cdn.mercyforanimals.org https://file-stg.mercyforanimals.org https://mfa.cachefly.net https://mfacdn.cachefly.net https://common.mercyforanimals.org https://act.mercyforanimals.org https://act.escolhaveg.com.br https://assets.gospringboard.io https://doublethedonation.com https://tgbwidget.com https://js.dev.shift4.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://code.jquery.com https://ajax.googleapis.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com https://use.fontawesome.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://youtube.com https://youtube-nocookie.com https://platform.twitter.com https://www.instagram.com https://public.tableau.com https://connect.facebook.net https://go.mercyforanimals.org https://pi.pardot.com https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://bat.bing.com https://snap.licdn.com https://cdn.optimizely.com https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com;style-src 'self' 'unsafe-inline' https://*.mercyforanimals.org https://mfa.cachefly.net https://cdnjs.cloudflare.com https://*.typekit.net https://cdn.jsdelivr.net https://fonts.cdnfonts.com https://hello.myfonts.net https://maxcdn.bootstrapcdn.com https://cloud.typography.com https://fonts.googleapis.com https://*.fontawesome.com https://db.onlinewebfonts.com https://googletagmanager.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://cdnjs.cloudflare.com https://fonts.cdnfonts.com https://wpit.cachefly.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://*.fontawesome.com https://db.onlinewebfonts.com https://script.hotjar.com;img-src 'self' data: https://doublethedonation.com https://*.mercyforanimals.org https://mercyforanimals.org https://mercyforanimals.org.br https://mfa.cachefly.net https://mfacdn.cachefly.net https://wpit.cachefly.net https://*.wpengine.com https://storage.googleapis.com https://cdn.shopify.com https://*.ytimg.com https://*.ggpht.com https://*.fbcdn.net https://*.cdninstagram.com https://*.pinimg.com https://*.youtube.com https://images1-focus-opensocial.googleusercontent.com https://platform-cdn.sharethis.com https://*.vimeocdn.com https://public.tableau.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.com.br https://*.google.co.in https://*.google.com.mx https://googleads.g.doubleclick.net https://www.google.com https://google.com https://www.google-analytics.com https://www.google.com.br https://www.googletagmanager.com https://www.facebook.com https://bat.bing.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://p.adsymptotic.com https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://www.linkedin.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://analytics.twitter.com https://ads-twitter.com https://ads-api.twitter.com https://t.co https://rms.gospringboard.io;frame-ancestors 'self';connect-src 'self' https://*.fontawesome.com https://vimeo.com https://store.mercyforanimals.org https://file-cdn.mercyforanimals.org https://file-stg.mercyforanimals.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.com.br https://*.google.co.in https://*.google.com.mx https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google.com https://www.google.com.br https://www.facebook.com https://bat.bing.com https://*.ads.linkedin.com https://p.adsymptotic.com https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://analytics.twitter.com https://ads-twitter.com https://ads-api.twitter.com;object-src 'self';media-src 'self' https://*.mercyforanimals.org https://mfa.cachefly.net;manifest-src 'self';worker-src 'self';base-uri 'self';frame-src https://tgbwidget.com https://act.chooseveg.com https://go.mercyforanimals.org https://mymfa.mercyforanimals.org https://give.mercyforanimals.org https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://youtube.com https://youtube-nocookie.com https://platform.twitter.com https://www.instagram.com https://public.tableau.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.facebook.com;report-uri https://us-central1-telemetry-417013.cloudfunctions.net/csp-report;report-to csp-endpoint 1 font-src https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com data: *.cloudfront.net *.olark.com *.formstack.com *.cloudflare.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com *.formstack.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.proworldinc.com *.formstack.com *.trustpilot.com *.gstatic.com *.google.com *.doubleclick.net *.olark.com *.google.co.in *.criteo.com *.criteo.net *.inksoft.com *.attn.tv *.hotjar.com ct.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net https://sync-tm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca https://helloextend-static-assets.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ pinterest.com assets.pinterest.com syndication.twitter.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.contextweb.com/ *.fwmrm.net *.sitescout.com *.adfarm1.adition.com *.adgrx.com *.adform.net *.shareasale.com https://public-prod-dspcookiematching.dmxleo.com/ https://hb.yahoo.net/ *.omappapi.com *.shopperapproved.com *.gstatic.com *.cloudfront.net *.google.com *.google.co.in *.bing.com *.olark.com *.doubleclick.net *.attentivemobile.com *.klaviyo.com www.gravatar.com *.helpdocs.io *.clmbtech.com *.media.net *.teads.tv *.tapad.com *.outbrain.com *.postrelease.com *.yahoo.com *.criteo.com *.advertising.com *.yieldmo.com *.sharethrough.com *.addthis.com *.taboola.com *.360yield.com *.smartadserver.com *.aralego.com *.rubiconproject.com *.bidswitch.net *.liadm.com *.demdex.net *.agkn.com *.aralego.net *.krxd.net *.bluekai.com *.turn.com *.amgdgt.com *.ytimg.com *.inksoft.com ct.pinterest.com *.attn.tv *.simpli.fi *.pubmatic.com *.adnxs.com *.casalemedia.com *.3lift.com *.socdm.com *.dable.io *.adingo.jp *.rlcdn.com *.mediavine.com *.smaato.net *.formstack.com *.stickyadstv.com *.amazonaws.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ twitter.com platform.twitter.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.shopperapproved.com *.google.com *.googleapis.com *.gstatic.com *.cloudfront.net *.doubleclick.net *.bing.com *.criteo.net *.attn.tv *.olark.com *.opmnstr.com *.attentivemobile.com *.formstack.com *.omappapi.com *.criteo.com *.inksoft.com s.pinimg.com *.hotjar.com *.klaviyo.com *.dwin1.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.bootstrapcdn.com *.googleapis.com *.cloudfront.net *.olark.com *.formstack.com *.klaviyo.com *.omappapi.com *.cloudflare.com *.gstatic.com *.shopperapproved.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.attentivemobile.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src *.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://*.helloextend.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.ingest.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.hotjar.io *.hotjar.com https://vc.hotjar.io/ https://measurement-api.criteo.com/ https://metrics.hotjar.io/ *.klaviyo.com *.rollbar.com *.cloudfront.net *.olark.com *.omappapi.com *.attentivemobile.com *.doubleclick.net *.getsidecar.com ct.pinterest.com *.attn.tv *.googleapis.com *.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.omappapi.com *.formstack.com *.hotjar.com *.1rx.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' https://*.cloudflare.com https://*.googletagmanager.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.intercom.io https://*.intercomcdn.com; style-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data:; connect-src 'self' wss://*.intercom.io https://*.intercom.io; 1 object-src 'none';base-uri 'self';script-src 'nonce-R5wY9OSjyci6yJmyKILFMg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data: about: ; connect-src https: wss: 'self'; worker-src https: blob: 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-HkHsWd4i41WIrm84WjyRig' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wLeVpr11CUAEIK5RU1knCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Vr7c3sQBZpMpGSB-88STrw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-zP7LrHwEGN5JV9jRgqiDWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src-elem 'self' https://maps.googleapis.com/maps/api/js https://www.googletagmanager.com https://vimeo.com https://player.vimeo.com https://f.vimeocdn.com https://www.youtube.com https://*.google-analytics.com https://assets.doetsreizen.nl 'nonce-i5reRARKUJiOKECafupyPQ=='; base-uri 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.doetsreizen.nl; default-src 'self' https://player.vimeo.com; form-action 'self'; script-src 'self' https://cms.doetsreizen.nl/ https://thumbnails.doetsreizen.nl https://www.google.com/maps/embed https://www.googletagmanager.com https://www.googleadservices.com https://*.hotjar.com https://*.google-analytics.com https://connect.facebook.net https://assets.doetsreizen.nl 'nonce-i5reRARKUJiOKECafupyPQ=='; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com https://assets.doetsreizen.nl; manifest-src 'self'; connect-src 'self' https://sentry.io https://cms.doetsreizen.nl/ https://thumbnails.doetsreizen.nl https://*.hotjar.com:* wss://*.hotjar.com https://vc.hotjar.io:* https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://www.facebook.com https://connect.facebook.net; img-src 'self' data: https://i.vimeocdn.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.nl https://maps.gstatic.com https://maps.googleapis.com https://www.facebook.com https://thumbnails.doetsreizen.nl https://assets.doetsreizen.nl; frame-src 'self' https://player.vimeo.com https://*.hotjar.com https://www.facebook.com https://connect.facebook.net 1 font-src fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net *.almapay.com localhost *.louispion.fr *.evermaps.io *.octipas.net https://cdnjs.cloudflare.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.criteo.com *.leadplace.fr *.pinterest.com *.vimeo.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cookielaw.org *.stickyadstv.com *.bing.com *.facebook.com *.teads.tv *.rubiconproject.com *.dmxleo.com *.liadm.com *.outbrain.com *.taboola.com *.smartadserver.com *.3lift.com *.360yield.com *.pubmatic.com *.casalemedia.com *.media.net *.adform.net *.omnitagjs.com *.sharethrough.com *.ivitrack.com *.mediavine.com *.smaato.net *.doubleclick.net *.yahoo.com *.emxdgt.com *.tremorhub.com *.adnxs.com *.analytics.yahoo.com *.bidswitch.net *.criteo.com *.thebrighttag.com *.krxd.net *.yieldmo.com id5-sync.com *.yieldlab.net *.pinterest.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.gstatic.comm *.googleapis.com *.newrelic.com *.nr-data.net *.googletagmanager.com *.cookielaw.org *.early-birds.fr *.msecnd.net *.onetrust.com *.beeroot.io *.bing.com *.facebook.net *.facebook.com advgame.fr *.cloudfront.net *.teads.tv *.doubleclick.net *.clarity.ms *.criteo.net *.criteo.com *.adnxs.com *.leadplace.fr *.pinimg.com *.h1d3n0tsoo-staging-easiwebforms.net *.easiconnect.io *.adleadevent.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net https://cdnjs.cloudflare.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.googletagmanager.com localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src localhost *.louispion.fr *.evermaps.io 'self' 'unsafe-inline'; media-src *.adobe.com localhost *.louispion.fr *.evermaps.io *.youtube-nocookie.com *.octipas.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.getalma.eu *.google.com *.gstatic.comm *.googleapis.com *.nr-data.net *.cookielaw.org *.onetrust.com *.clarity.ms *.advalo.com *.teads.tv *.beeroot.io *.bing.com *.pinterest.com *.googlesyndication.com *.adleadevent.com *.abstractapi.com *.data.gouv.fr localhost *.louispion.fr *.evermaps.io *.nosto.com *.nos.to *.octipas.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src localhost *.louispion.fr *.evermaps.io assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-xage_ghYx_wJa9l3WU0xlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-KbwoyODTIvykLFcHkTVpNA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: *.directmacro.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-BulPoR_h_mT2XLjaAAWyAA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudflare.com *.bootstrapcdn.com fonts.gstatic.com 'unsafe-inline' data: *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com www.wwhardware.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.wwhardware.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com platform.twitter.com *.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.yotpo.com www.wwhardware.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudflare.com *.bing.com *.zonos.com *.marchex.io *.google.com *.pinterest.com *.adroll.com ads.yahoo.com *.facebook.com *.bidswitch.net *.adnxs.com *.rlcdn.com *.openx.net *.company-target.com *.instinctiveads.com *.dca0.com *.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com *.yotpo.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.cloudflare.com *.twitter.com *.fontawesome.com *.marchex.io *.hotjar.com *.bing.com *.googletagmanager.com *.pinterest.com http://chimpstatic.com *.facebook.net *.zonos.com *.adroll.com *.dca0.com *.attn.tv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net www.wwhardware.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net www.wwhardware.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com www.wwhardware.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.cloudflare.com *.hotjar.com *.zonos.com *.google-analytics.com *.doubleclick.net *.adroll.com *.dca0.com *.attentivemobile.com *.attn.tv https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com www.wwhardware.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.wwhardware.com http: https: blob: 'self' 'unsafe-inline'; default-src www.wwhardware.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://woodworkers.test/; report-to report-endpoint; 1 object-src 'none'; script-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.visionme.de https://cdnjs.cloudflare.com https://js.hs-scripts.com https://maps.googleapis.com https://unpkg.com https://www.google.com js-eu1.hs-scripts.com localhost:35729 unpkg.com; script-src-attr 'self'; style-src 'self' https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.visionme.de https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 font-src *.finance-calculator.co.uk *.klarnacdn.net 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.gstatic.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.finance-calculator.co.uk *.deko.finance *.dekopay.com *.dekopay.org *.klarnacdn.net *.magentocommerce.com youtube.com www.youtube.com *.hotjar.com https://www.google.com www.facebook.com *.trustpilot.com *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud x.klarnacdn.net *.doubleclick.net https://plumrocket.com webservices.securetrading.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com *.trackedlink.net *.finance-calculator.co.uk *.dekopay.com 'self' data: *.klarnacdn.net *.klarnaevt.com *.magentocommerce.com *.cloudfront.net https://*.gstatic.com www.google.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com www.googletagmanager.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud x.klarnacdn.net https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.finance-calculator.co.uk *.dekopay.com *.klarnacdn.net *.klarnaservices.com *.magentocommerce.com *.cloudfront.net google.com maps.googleapis.com www.google.com *.increasingly.co *.increasingly.com gstatic.com www.gstatic.com *.googleapis.com api.comapi.com snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com js.klarna.com *.eu-library.klarnaservices.com/lib.js *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud *.mouseflow.com *.webgains.io *.google.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com player.vimeo.com *.youtube.com https://apis.google.com webservices.securetrading.net songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com *.fontawesome.com *.mailchimp.com *.finance-calculator.co.uk *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.finance-calculator.co.uk *.dekopay.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.cloudfront.net *.magentocommerce.com commerce.adobedc.net api.comapi.com www.google-analytics.com *.googleapis.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.zendesk.com *.eu-library.klarnaservices.com/lib.js *.nr-data.net www.clarity.ms *.paypal.com *.feefo.com *.postcodeanywhere.co.uk *.magentosite.cloud x.klarnacdn.net api.addressy.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com o402164.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: dc.services.visualstudio.com *.b2clogin.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 img-src https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://d132x6oi8ychic.cloudfront.net 'self' https://*.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com data: https://info.ascassociation.org https://www.google-analytics.com https://*.feathr.co https://*.adsrvr.org https://ascamedia.blob.core.windows.net https://d.adroll.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://www.facebook.com https://sync.outbrain.com https://image2.pubmatic.com https://*.openx.net https://*.pubmatic.com https://*.taboola.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://ib.adnxs.com https://ds.reson8.com https://tags.bluekai.com https://idsync.reson8.com; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ 'self' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://ascamedia.blob.core.windows.net https://cdn.jsdelivr.net; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://higherlogicstream.s3.amazonaws.com/ASCACONNECT/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ASCACONNECT/ https://higherlogicdownload.s3.amazonaws.com/ASCACONNECT/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ASCACONNECT/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self' https://*.googleapis.com https://www.googletagmanager.com; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://higherlogicdownload.s3.amazonaws.com https://s3.amazonaws.com https://ascassociation.actonservice.com https://cdn.datatables.net https://ascamedia.blob.core.windows.net https://cdn.jsdelivr.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://*.hotjar.com https://maps.googleapis.com https://*.feathr.co https://servedbyadbutler.com https://www.buzzsprout.com https://s.adr https://*.addevent.com https://*.cloudfront.net https://*.adroll.com https://*.facebook.net https://addevent.com; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/ https://10837527.fls.doubleclick.net https://servedbyadbutler.com; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://ascamapapi.azurewebsites.net https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.feathr.co https://*.doubleclick.net https://*.google.com https://d.adroll.com https://ascamapapinet6.azurewebsites.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_qyJr0-dL6V4mAWPTeIfWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0VFz3tbTMfHqq9sa7REsBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IJJn5EY9oEd3yPHZwoVz2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-jeFSqcb4QiWZudp6AW3giQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.fontawesome.com tbs.tradedoubler.com wickey.nl *.hotjar.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-umm.b-cdn.net www.paypalobjects.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com wickey.us16.list-manage.com *.wickey.us16.list-manage.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com *.trustpilot.com tbs.tradedoubler.com forms.office.com ct.pinterest.com *.hotjar.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com *.mollie.com www.paypalobjects.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.mollie.com *.pixriot.com *.storeimaging.com *.ads.linkedin.com *.google-analytics.com *.squarelovin.com *.bing.com bing.com squarelovin.com *.trustedshops.com *.mollie.com *.pinterest.com *.consentmanager.net wickey.de wickey.nl tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg ik.imagekit.io cst-tag-monitor-2nd-gen-6k3dd6vtka-ew.a.run.app dashboard.edesk.com static.sooqr.com onlinedialogue.s3.eu-west-1.amazonaws.com t.squeezely.tech wickey.ams3.digitaloceanspaces.com wickey-test.ams3.digitaloceanspaces.com d2rfa446ja7yzb.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com js.mollie.com widgets.trustedshops.com js-agent.newrelic.com bat.bing.com *.googleadservices.com connect.facebook.net bam.nr-data.net squarelovin.com c.delivery.consentmanager.net cdn.consentmanager.net s.pinimg.com analytics.tiktok.com www.googleoptimize.com snap.licdn.com hst.tradedoubler.com swrap.tradedoubler.com static.cloudflareinsights.com tracking.s24.com tw.wickey.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg delivery.consentmanager.net cdn.stape.io *.hotjar.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com d3dc1lgancj6l0.cloudfront.net ajax.cloudflare.com d5yoctgpv4cpx.cloudfront.net userlike-cdn-umm.b-cdn.net onlinedialogue.s3.eu-west-1.amazonaws.com widgets.xsellco.com static.sooqr.com dynamic.sooqr.com *.neoday.com js.neoday.com cdn.ablyft.com squeezely.tech analytics.optimalpeople.fr connect.getflowbox.com ct.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.fontawesome.com squarelovin.com *.hotjar.com tagmanager.google.com widgets.xsellco.com static.sooqr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.pixriot.com *.storeimaging.com ct.pinterest.com *.wickey.de stats.g.doubleclick.net analytics.tiktok.com bam.nr-data.net bat.bing.com www.google.com googleads.g.doubleclick.net region1.analytics.google.com region1.google-analytics.com tw.wickey.nl www.google.nl tw.wickey.de tw.wickey.at tw.wickey.ch tw.wickey.lu tw.wickey.fr tw.wickey.co.uk tw.wickey.ie tw.wickey.be tw.wickey.it tw.wickey.es tw.wickey.pt tw.wickey.dk tw.wickey.pl tw.wickey.cz tw.wickey.hu tw.wickey.sk tw.wickey.ro tw.wickey.hr tw.wickey.se tw.wickey.no tw.wickey.fi tw.wickey.bg www.google.fr www.google.de *.hotjar.com *.hotjar.io wss://*.hotjar.com www.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com wss://umd.userlike.com umd.userlike.com d3upe020n1uosc.cloudfront.net d3dc1lgancj6l0.cloudfront.net www.google.at www.google.ch www.google.lu www.google.co.uk www.google.ie www.google.be www.google.it www.google.es www.google.pt www.google.dk www.google.pl www.google.cz www.google.hu www.google.sk www.google.ro www.google.hr www.google.se www.google.no www.google.fi www.google.bg rkkck31tec.execute-api.eu-central-1.amazonaws.com widgets.xsellco.com firehose.eu-central-1.amazonaws.com cognito-identity.eu-central-1.amazonaws.com gateway.wickey.neo.day log.ablyft.com analytics.pangle-ads.com analytics.optimalpeople.fr trustbadge.api.etrusted.com gateway.getflowbox.com a.getflowbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://wickey.de/; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-nTsgvBnVK5Dh6QJXdRFBcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 img-src https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://higherlogiclongterm.s3.amazonaws.com/NASBO/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://higherlogicstream.s3.amazonaws.com/NASBO/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NASBO/ https://higherlogicdownload.s3.amazonaws.com/NASBO/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBO/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-23Gq8cSk380EmMdhTjXgLQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-7dUmKqDClW1dQJIVuHCGoA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FB_QGINTaLsRGu3adeo0cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ezuT5aTPYb2-AGOeJQDpfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oN9OXwzscwknFqMGalSeTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-HnLfIfnGmsjD9hpXOMwnOQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com data: https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.haustierkost.de *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: wp.haustierkost.de data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.cardinalcommerce.com *.paypal.com wp.haustierkost.de 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com wp.haustierkost.de 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: platform.twitter.com *.doubleclick.net *.trustpilot.com *.haustierkost.de *.consentmanager.net *.klarna.com *.weltpixel.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com wp.haustierkost.de 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com validate.fishpig.co.uk *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com pinterest.com assets.pinterest.com syndication.twitter.com *.ausgezeichnet.org *.bing.com *.google.de *.googletagmanager.com *.haustierkost.de *.consentmanager.net www.xtento.com cdn.xtento.com *.facebook.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: wp.haustierkost.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.plugins.emarsys.net *.scarabresearch.com twitter.com platform.twitter.com siegel.ausgezeichnet.org *.bing.com *.cloudflareinsights.com *.cloudflare.com *.doubleclick.net *.smartlook.com *.trustpilot.com *.haustierkost.de *.consentmanager.net www.xtento.com cdn.xtento.com *.googletagmanager.com *.facebook.net *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com wp.haustierkost.de 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com *.gstatic.com wp.haustierkost.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.haustierkost.de wp.haustierkost.de 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.scarabresearch.com *.eservice.emarsys.net *.bing.com *.doubleclick.net *.facebook.com *.smartlook.com *.smartlook.cloud *.haustierkost.de *.consentmanager.net *.google.com *.google-analytics.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io wp.haustierkost.de 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com wp.haustierkost.de http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com wp.haustierkost.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://haustierkost.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-jOAwYCGsj336rI5V4pELWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.niceincontact.com *.stripe.com *.sagepay.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.stripe.com *.sagepay.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com/ region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.stripe.com *.sagepay.com *.klarna.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://www.magezon.com www.google.co.in *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com *.google.co.uk region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.pixriot.com *.storeimaging.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.hsforms.net *.hsforms.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com s7.addthis.com *.hotjar.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net wss://*.zopim.com *.niceincontact.com *.stripe.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com player.vimeo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.niceincontact.com *.stripe.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com static.zdassets.com analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ekr.zdassets.com/ wss://*.zopim.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com *.niceincontact.com *.pixriot.com *.storeimaging.com *.stripe.com *.paypal.com *.sagepay.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src analytics.google.com *.bing.com consent.cookiebot.com consentcdn.cookiebot.com *.doubleclick.net ekr.zdassets.com *.facebook.com *.facebook.net *.feefo.com *.google.com *.google.co.uk region1.analytics.google.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk browser-update.org *.browser-update.org *.smartmetrics.co.uk stats.g.doubleclick.net tritonshowerscx.zendesk.com *.trustpilot.com www.clarity.ms *.youtube.com *.zdassets.com ekr.zendesk.com *.zopim.com widget-mediator.zopim.com *.tritonshowers.co.uk *.adobedtm.com *.aptrinsic.com *.demdex.net porjs.com wss://*.zopim.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-yVcqP4-ScS1C_R-37Qm6dA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aoEGAGSOeOGc7hd1Tfj2cA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-F805ouomBoVpUcSyFLjfLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--q4EwA9Y6UyMuvrXfQDBfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-B9t1Tzxw_GShAsIEThdl7g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-OnSW8kT0GfKAisRjTLGc_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src data: 'unsafe-inline' 'unsafe-eval' https:; base-uri https:; form-action https:; frame-ancestors https:; report-uri https://torontopubliclibrary.report-uri.com/r/d/csp/reportOnly; 1 object-src 'none';base-uri 'self';script-src 'nonce-MHZz2zLZoYC-w572jp1SXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FDQc0kwk3olnGriPYlTeOw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-vjlxrlehTLvrMvoU1IECKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TqYUZzRQD5ZLaZooYxN5Og' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-po4W1PYYLAqtQ8TPKE1Rcg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Hvrirh6e-k-E6D-ojVTL-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-xpgNYgtMmdV63HZJ8XiyVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mxUsrpaMVhXrwApo5tQLKw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-4NJWhVxjp8Gsfy7AJnOfoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0Ap1_xhGB1n6BDRKNui05A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gCeIgeZaiA4PS6RjnUQuwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-wbTiliB_B_p6VCyXyCv5IA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.callincloud.com:3000 *.facebook.net cdnjs.cloudflare.com ka-f.fontawesome.com analytics.google.com *.onetrust.com *.facebook.com bam-bo-api-prd.bam.co.th *.doubleclick.net www.googletagmanager.com service-api.refinn.com www.google.co.th *.gstatic.com tracking.connect-x.tech *.googleadservices.com adservice.google.com *.googleapis.com bam-els-sync-api-prd.bam.co.th bam-bo-fs-prd.bam.co.th tr.line.me d.line-scdn.net www.youtube.com www.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.addtoany.com/ js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://stats.addtoany.com/menu https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.summitholdings.com blob: cdnjs.cloudflare.com d3e54v103j8qbb.cloudfront.net maps.googleapis.com player.vimeo.com vod-progressive.akamaized.net web-sandbox.pypestream.com web.pypestream.com www.google-analytics.com; script-src 'self' *.summitholdings.com d3e54v103j8qbb.cloudfront.net maps.googleapis.com unpkg.com web-sandbox.pypestream.com web.pypestream.com www.google-analytics.com; script-src-elem 'self' ajax.googleapis.com d213nytzlt2v5a.cloudfront.net d3e54v103j8qbb.cloudfront.net maps.googleapis.com ssl.google-analytics.com unpkg.com web-sandbox.pypestream.com web.pypestream.com www.google-analytics.com; style-src data: 'unsafe-inline' translate.googleapis.com unpkg.com fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com unpkg.com; img-src 'self' data: *.summitholdings.com fonts.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com ssl.google-analytics.com translate.google.com www.facebook.com www.google-analytics.com www.gstatic.com c0.froala.com; font-src 'self' data: fonts.gstatic.com assets.quadpay.com d3s8xk3etjyeyz.cloudfront.net; connect-src 'self' app.launchdarkly.com events.launchdarkly.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com web.pypestream.com www.google-analytics.com; media-src data: player.vimeo.com; object-src player.vimeo.com; frame-src 'self' blob: d31b6i309j1ui2.cloudfront.net d3s8xk3etjyeyz.cloudfront.net web-sandbox.pypestream.com web.pypestream.com player.vimeo.com; frame-ancestors 'self'; form-action 'self' webto.salesforce.com www.velocitypayment.com; report-uri https://summitlakeland.report-uri.com/r/t/csp/reportOnly 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube-marketing/artists_youtube 1 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: *.klarnacdn.net *.photoslurp.com *.klaviyo.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.google.com *.facebook.com *.pinterest.com *.doubleclick.net *.googlesyndication.com *.klarnaservices.com *.cookiebot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.google.com *.google.lv *.google.com.eg *.googletagmanager.com *.bing.com *.facebook.com *.pinterest.com *.clarity.ms *.linkedin.com *.doubleclick.net *.photoslurp.com *.googlesyndication.com formfacade.com *.sciconsports.com *.cookiebot.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com *.googleapis.com *.google.com *.gstatic.com *.google.lv *.fittingbox.com *.klarnaservices.com *.licdn.com *.googletagmanager.com *.googlesyndication.com *.photoslurp.com *.hotjar.com *.bing.com *.facebook.net *.clarity.ms *.googleadservices.com formfacade.com *.klarna.com *.cookiebot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.klarnacdn.net *.photoslurp.com formfacade.com *.klaviyo.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.paypal.com *.pinterest.com *.googleapis.com *.clarity.ms *.google-analytics.com *.photoslurp.com *.google.com *.doubleclick.net *.klarnaservices.com *.googlesyndication.com formfacade.com *.firebaseio.com *.sciconsports.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.linkedin.com *.klarna.com *.klarnaevt.com *.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com; default-src 'self' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com https://*.tiqcdn.com https://*.tdameritrade.wallst.com https://*.bing.com https://*.googletagmanager.com https://*.facebook.net https://*.inq.com https://*.wsod.com https://*.ads-twitter.com https://*.adsrvr.com https://*.everestjs.net https://*.rcrsv.io https://*.quantserve.com https://*.appdynamics.com https://*.googleadservices.com https://*.quantcount.com https://*.adsrvr.org https://*.doubleclick.net https://*.wsod.com https://*.betrad.com https://trkn.us https://*.associatesys.local https://*.omtrdc.net https://*.demdex.net https://*.iteclientsys.local https://*.googleapis.com https://*.gstatic.com https://everesttech.net; script-src 'self' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com https://*.tiqcdn.com https://*.tdameritrade.wallst.com https://*.bing.com https://*.googletagmanager.com https://*.facebook.net https://*.inq.com https://*.wsod.com https://*.ads-twitter.com https://*.adsrvr.com https://*.everestjs.net https://*.rcrsv.io https://*.quantserve.com https://*.appdynamics.com https://*.googleadservices.com https://*.quantcount.com https://*.adsrvr.org https://*.g.doubleclick.net https://*.wsod.com https://*.googleapis.com https://nebula-cdn.kampyle.com https://c.evidon.com/geo/country.js https://tags.tiqcdn.com/utag/tdameritrade/veoone/qa/utag.sync.js https://nebula-cdn.kampyle.com/wu/620223/onsite/embed.js 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.iteclientsys.local https://dpm.demdex.net; img-src 'self' 'unsafe-inline' https://udc-neb.kampyle.com https://*.everesttech.net https://analytics.twitter.com https://match.adsrvr.org https://pixel.advertising.com https://ps.eyeota.net https://cms.analytics.yahoo.com https://fei.pro-market.net https://ads.scorecardresearch.com https://ag.innovid.com https://dptr.areyouahuman.com https://pxl.jivox.com https://mid.rkdms.com https://dpm.demdex.net; style-src 'self' 'unsafe-inline' https://tdameritrade.com https://*.tdameritrade.com https://*.ameritrade.com https://*.tdainstitutional.com https://*.amtd.com https://amtd.com https://*.tradewise.com https://tdaconferences.com https://*.tdameritradeconferences.com https://*.exploringyourindependence.com https://*.thinkorswim.com https://*.tdameritradenetwork.com https://tdameritradenetwork.com https://*.eliteadvisorsummit.com https://*.essentialoptionstrategies.com https://*.googleapis.com https://*.rcrsv.io ; font-src 'self' https://*.tdainstitutional.com https://dpm.demdex.net; report-uri /csp-report/report 1 object-src 'none';base-uri 'self';script-src 'nonce-D5L9JZUoWARWY4bN9tGnUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; style-src 'self'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self'; worker-src 'self'; manifest-src 'self'; base-uri 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce--gSOmJ4qRS-r5deRcTSOFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net *.omtrdc.net www.googletagmanager.com *.facebook.com camstreamer.com *.everesttech.net analytics.google.com use.typekit.net cdn.cookielaw.org www.inntopia.travel www.youtube.com v2.mtnfeed.com api.mapbox.com rum.browser-intake-us3-datadoghq.com *.demdex.net assets.adobedtm.com bat.bing.com www.datadoghq-browser-agent.com apolloprogram.io p.typekit.net cams.mtnfeed.com *.facebook.net www.google.com edge.adobedc.net mtnpowder.com 655264f0813f72000819adf1--heuristic-pare-aa03ec.netlify.app *.vimeo.com vimeo.com 65f36ba4407d71000885ad04--heuristic-pare-aa03ec.netlify.app *.onetrust.com media.mammothresorts.com adservice.google.com 65b80e0ba474e800088c0c12--heuristic-pare-aa03ec.netlify.app cookies.alterramtnco.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors 'none';img-src 'self' data: https://ads-za.privatelabel.co.za https://www.google-analytics.com https://fonts.gstatic.com https://translate.google.com https://www.googletagmanager.com https://logs-01.loggly.com https://ads.privatelabel.co.za https://region1.google-analytics.com https://hm.baidu.com https://www.gstatic.com https://syndication.twitter.com https://pos.baidu.com https://www.miningmx.com https://cloud.tagdiv.com https://www.google.co.za https://www.google.ca https://www.google.co.uk https://www.google.com.sa https://www.google.co.zm https://www.google.pl https://www.google.com.ng https://www.google.com.na https://www.google.co.bw https://www.google.co.zw https://www.google.com.gh https://www.google.com.au https://www.google.com.ph https://www.google.de https://www.google.com.sl https://www.google.com.pk https://www.google.com.sg https://www.google.cd https://www.google.it https://www.google.bj https://www.google.co.id https://www.google.co.jp https://www.google.co.ls https://www.google.fr https://www.google.co.tz https://www.google.ch https://www.google.com.my https://www.google.com.pg https://www.google.nl https://www.google.co.in https://www.google.com.br https://www.google.rs https://www.google.ml https://www.google.pt https://www.google.ru https://www.google.com.hk https://www.google.kz https://stats.g.doubleclick.net https://analytics.google.com https://www.google.mw https://www.google.com.ec https://www.google.be https://www.google.com.mx https://www.google.at https://www.google.co.ug https://www.google.co.nz https://www.google.com.pa https://www.google.fi https://www.google.se https://www.google.es https://region1.analytics.google.com https://www.google.com.et https://www.google.cz https://www.google.ad https://www.google.com.pe https://www.google.ci https://www.google.ie https://www.google.co.cr https://www.google.com.tw https://www.google.mu https://www.google.co.ke https://www.google.com.cy https://www.google.ae https://translate.googleapis.com https://www.google.ro https://www.google.gr https://www.google.com.do https://www.google.co.mz https://www.google.co.th https://www.google.cg https://www.google.com.tr https://www.google.je https://www.google.is https://www.google.lu https://www.google.com.eg https://www.google.gm https://www.google.mg https://www.google.iq https://www.google.bf https://www.google.co.kr https://www.google.co.uz https://www.google.co.ao https://www.google.com.bz https://www.google.com.pr https://www.google.bg https://www.google.com.bd https://uploads-ssl.webflow.com https://www.google.com.kh https://www.google.gg https://www.google.co.ma https://www.google.co.il https://www.google.dk https://www.google.mn https://mc.yandex.ru https://www.google.com.vn https://www.google.cl https://www.google.no https://www.google.com.ar https://www.google.com.co https://www.google.ne https://www.google.lk https://www.google.sr https://www.google.lt https://favicon.yandex.net https://www.google.cf https://www.google.tn https://www.google.hr https://www.google.tg https://www.google.cv https://www.google.rw https://www.google.hu https://www.google.ee https://www.google.sc https://www.google.com.lb https://www.google.cm https://www.google.im https://www.google.sn https://www.google.lv https://www.google.sk https://www.google.tt https://www.google.com.qa https://www.google.bi https://cdn.honey.io https://www.google.dz https://www.google.ga https://www.google.com.ua https://www.google.com.kw https://www.google.com.jm https://www.google.si https://www.google.com.om https://www.google.mk https://www.google.li https://www.google.com.mt https://www.google.az https://www.metalsdaily.com https://www.google.com.fj https://yastatic.net https://www.google.al https://www.google.com.cu https://www.google.bs https://www.google.mv https://www.google.gy https://www.google.co.ve https://www.google.com.uy blob: https://www.google.com.gi https://log-papago.naver.com https://www.google.com.gt https://www.google.com.py https://www.google.me https://www.google.ba https://www.google.com.tj https://www.google.by https://www.google.com.af https://www.google.la https://www.collinsdictionary.com file https://yoa.st https://www.reuters.com https://www.google.com.ly https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ads.privatelabel.co.za https://gc.kis.v2.scr.kaspersky-labs.com https://ff.kis.v2.scr.kaspersky-labs.com https://connect.facebook.net https://platform.twitter.com https://www.google.com https://gc.kes.v2.scr.kaspersky-labs.com https://me.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com https://js.createsend1.com https://ajax.googleapis.com https://select.blacklinetosplit.com https://ads-za.privatelabel.co.za https://translate.google.com https://ipinfo.io https://mstat.acestream.net https://bs.serving-sys.com https://cdncache-a.akamaihd.net https://pstatic.davebestdeals.com https://fevoki.wejekihota.com https://translate.googleapis.com https://translate-pa.googleapis.com https://trend.stablelightway.com https://c.chuyueshop.com https://maps.googleapis.com https://got.statisticplatform.com https://ds.serving-sys.com https://me.kes.v2.scr.kaspersky-labs.com https://www.pagespeed-mod.com https://west.statisticsplatform.com https://ssl.google-analytics.com https://www.miningmx.com https://west.statisticplatform.com data: https://ucads-cdn.ucweb.com https://conoret.com https://mainf.global-cache.online http://ads-za.privatelabel.co.za https://ff.kes.v2.scr.kaspersky-labs.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://ads-za.privatelabel.co.za https://www.googletagmanager.com https://www.google-analytics.com https://ads.privatelabel.co.za https://gc.kis.v2.scr.kaspersky-labs.com https://js.createsend1.com https://ff.kis.v2.scr.kaspersky-labs.com https://connect.facebook.net https://platform.twitter.com https://www.google.com https://gc.kes.v2.scr.kaspersky-labs.com https://me.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com https://ajax.googleapis.com https://select.blacklinetosplit.com https://translate.google.com https://mstat.acestream.net https://bs.serving-sys.com https://fevoki.wejekihota.com https://trend.stablelightway.com https://translate.googleapis.com https://translate-pa.googleapis.com https://c.chuyueshop.com https://maps.googleapis.com https://got.statisticplatform.com https://ds.serving-sys.com https://me.kes.v2.scr.kaspersky-labs.com https://www.pagespeed-mod.com https://west.statisticsplatform.com https://ssl.google-analytics.com https://www.miningmx.com https://west.statisticplatform.com data: https://ucads-cdn.ucweb.com https://conoret.com https://mainf.global-cache.online http://ads-za.privatelabel.co.za https://ff.kes.v2.scr.kaspersky-labs.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://adblockers.opera-mini.net https://gc.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com https://me.kis.v2.scr.kaspersky-labs.com https://cdn-images.mailchimp.com http://fonts.googleapis.com https://p.typekit.net https://ff.kis.v2.scr.kaspersky-labs.com https://pwm-image.trendmicro.com http://[2605:340:cdb1:120:19a1:1bf3:1400:314e] https://cdn.honey.io https://www.opoint.no https://www.miningmx.com blob: ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://adblockers.opera-mini.net https://gc.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com https://me.kis.v2.scr.kaspersky-labs.com https://cdn-images.mailchimp.com https://p.typekit.net https://ff.kis.v2.scr.kaspersky-labs.com https://pwm-image.trendmicro.com https://cdn.honey.io https://www.opoint.no https://www.miningmx.com blob: ; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com https://at.alicdn.com https://cdn.scite.ai moz-extension http://themes.googleusercontent.com https://www.miningmx.com https://github.com ms-browser-extension https://shopping.qantas.com https://use.typekit.net https://cdn.megabonus.com chrome-extension://082D9B0B-65FF-408D-9461-4C1C437153AC/fonts/Inter-Variable.ttf chrome-extension://082D9B0B-65FF-408D-9461-4C1C437153AC/fonts/SFProText-Variable.otf chrome-extension://082D9B0B-65FF-408D-9461-4C1C437153AC/fonts/Recoleta-Variable.otf data:; frame-src 'self' https://miningmx.com https://web.facebook.com https://eu-chgva-oft-swg.global.trafigura.com https://gateway.zscloud.net https://e.issuu.com https://block.opendns.com https://prod.forms.workflow.ep.site.gs.com https://www.google.com https://m.facebook.com http://www.facebook.com.x.8915bcf10116604ac40a9e40d627e1d5bf41.d045227d.id.opendns.com https://www.facebook.com.x.fa4cabd803439041e8087ef049b64033daf8.9270fc42.id.opendns.com https://www.facebook.com.x.a27404e608c6b040ed0aa9f0bba013de4d34.9270fc5a.id.opendns.com https://gateway.zscalertwo.net https://mozbar.moz.com https://platform.twitter.com https://tj.shshinfo.com https://eu-ukhay-dct-swg01.global.trafigura.com https://pwm-image.trendmicro.com https://wo.laiwoshop.com https://td.doubleclick.net https://authn.web.gs.com http://[fdbd:dc05:ff:ff:b5a5:4b25:2d13:da1c] https://10.160.32.1 https://blocked.syd-1.linewize.net https://gateway.zscalerthree.net https://www.facebook.com.x.f3ce18ae087170412f0aa7f0e71e414ec53e.43d7561c.id.opendns.com https://www.ciuvo.com https://cn-1998264249-7vnsr40038.ibosscloud.com ms-appx-web://microsoft.microsoftedge https://7rx80253.ibosscloud.com https://bpb.opendns.com http://prd-zs-static.nomura.com http://102.132.100.35 https://gateway.zscaler.net http://www.facebook.com.x.e439a8250127604185087690c0bf9f1dacbf.43d7561b.id.opendns.com http://10.8.14.170 https://auth.iws-hybrid.trendmicro.com http://www.facebook.com.x.34670ad20cc4004c5009774038ee31391d7f.d043d9ae.id.opendns.com http://www.facebook.com.x.4957f6870aae804f060a7a50399376b6cb02.d045227c.id.opendns.com https://vpn.mmc.co.za http://www.facebook.com.x.1e93b7e00d9a404506085060f2093538bb72.d043d9af.id.opendns.com https://zswpmanager.wip.mmc.com http://prod.forms.workflow.ep.site.gs.com https://safe.menlosecurity.com https://scsvpnf1.isn.instinet.com https://ckf02.nobl.k12.in.us https://blocked.goguardian.com blob:; connect-src 'self' https://www.google-analytics.com https://ads-za.privatelabel.co.za https://stats.g.doubleclick.net https://translate.googleapis.com https://region1.google-analytics.com https://createsend.com https://api.trongrid.io https://yoast.com https://gc.kes.v2.scr.kaspersky-labs.com wss://me.kis.v2.scr.kaspersky-labs.com https://searchaggr-dra.dt.dbankcloud.com https://metrics-dra.dt.dbankcloud.cn https://net.promsmotion.com wss://gc.kis.v2.scr.kaspersky-labs.com https://me.kis.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com wss://www.miningmx.com https://hm.baidu.com https://cdncache-a.akamaihd.net https://stickyid-a.akamaihd.net https://b.1p1eqpotato.com https://analytics.google.com https://www.google.co.za https://region1.analytics.google.com https://www.google.ga https://www.google.ca https://www.google.co.zw https://www.google.co.uk https://www.google.ie https://www.google.com.ng https://www.google.fr https://www.google.com.na https://www.google.co.ls https://www.google.nl https://www.google.pt https://www.google.sk https://www.google.co.zm https://www.google.com.pa https://www.google.com.ph https://www.google.com.au https://www.google.com.hk https://www.google.co.jp https://www.google.ro https://www.google.be https://www.google.is https://www.google.es https://www.google.co.tz https://www.google.co.bw https://www.google.com.co https://www.google.de https://www.google.co.ma https://www.google.co.in https://www.google.it https://www.google.co.id https://www.google.co.kr https://www.google.com.eg https://www.google.com.sg https://www.google.com.pk https://www.google.cz wss://ff.kis.v2.scr.kaspersky-labs.com https://www.google.ch https://www.google.com.my https://www.google.com.bh https://www.google.com.br https://www.google.co.nz https://www.google.co.mz https://www.google.ru https://www.google.com.tw https://www.google.co.ke https://www.google.co.ve https://www.google.com.mx https://www.google.com.pe https://www.google.mu https://www.google.com.ar https://www.google.com.et https://www.google.ae https://www.google.com.gh https://www.google.dk https://www.google.ci https://www.google.cl https://www.google.al https://www.google.gm https://www.google.hr https://www.google.cd https://www.google.mg https://www.google.iq https://www.google.gr https://nikkomsgchannel https://www.google.com.tr https://api.socialsolutionapp.com https://www.google.co.il https://www.google.pl https://www.google.com.do https://www.google.at https://www.google.lt https://www.google.no https://www.google.fi https://www.google.lu https://www.google.com.bd https://www.google.sn https://www.google.ml https://www.google.co.th https://www.google.gg https://www.google.com.jm https://www.google.com.kh https://www.google.com.sa https://www.google.bj https://www.google.com.mm https://www.google.bg https://www.google.ne https://www.google.com.pg https://www.google.by https://www.google.com.ly https://www.google.sr https://metrics-dre.dt.dbankcloud.cn https://www.google.com.sl https://www.google.tn https://www.google.rw https://www.google.se https://swr.xnftdata.com https://www.google.sc https://www.google.ee https://api.amcreativemedia.com https://www.google.co.ao https://www.google.mk https://www.google.com.vn https://www.google.com.cy https://www.google.si https://www.google.la https://me.kes.v2.scr.kaspersky-labs.com https://www.google.com.mt https://www.google.hu https://cr-input.mxpnl.net https://www.google.com.ag https://www.google.bf https://www.google.com.qa https://www.google.cm https://www.google.co.cr https://privatelabelwebsolutions.cmail20.com https://www.google.co.ug https://www.google.im https://www.google.kz https://www.google.mn https://www.google.cg https://www.google.com.kw https://www.google.lv https://www.google.lk https://api.ciuvo.com https://api.solarspireconsulting.com wss://tm.filter https://www.google.mw https://www.google.az https://www.google.com.fj https://www.google.com.om https://translate-pa.googleapis.com https://gjtrack.ucweb.com https://www.google.co.uz https://www.google.mv https://www.google.ad https://www.google.com.sv https://www.google.gy https://www.google.je https://www.google.tt https://www.google.com.ua https://www.google.rs https://api.solaranalyticscorp.com https://www.google.com.uy https://www.google.com.cu https://overbridgenet.com https://www.google.jo https://plugin.ucads.ucweb.com https://cs.hae123.cn https://cdnml.global-cache.online https://detector.scamsniffer.io https://www.google.me https://www.google.com.lb https://www.google.bs https://www.google.tg https://infragrid.v.network https://www.google.com.pr https://yandex.ru https://ff.kes.v2.scr.kaspersky-labs.com; media-src 'self' data: https://ssl.gstatic.com; worker-src 'self' blob:; report-uri https://www.miningmx.com/wp-json/rsssl/v1/csp?rsssl_apitoken=354439880; 1 object-src 'none';base-uri 'self';script-src 'nonce-CFRCcKSAz3TTzMadJyv_lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.vivocha.com *.useinsider.com *.ispeech.org *.aladhan.com *.snapchat.com *.google.com *.doubleclick.net *.amazonaws.com;style-src 'self' 'unsafe-inline' *.readspeaker.com data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ispeech.org *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.ads-twitter.com *.facebook.net *.useinsider.com *.vivocha.com *.gstatic.com *.cloudfront.net *.sc-static.net sc-static.net *.readspeaker.com *.tiktok.com;img-src 'self' *.nbk.com *.vivocha.com *.google.com *.twitter.com *.t.co t.co *.qualtrics.com *.doubleclick.net data:;connect-src 'self' *.googleapis.com *.google.com *.google-analytics.com;font-src 'self' *.amazonaws.com data:; 1 default-src 'none'; script-src 'unsafe-inline' 'nonce-018e800a-febe-7981-966f-645a11799cf9' 'self' https:; style-src 'unsafe-inline' 'self' https: ; img-src 'self' data: https:; media-src https: ; font-src 'self' https:; connect-src 'self' https:; manifest-src 'self'; frame-src https: 1 font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.demdex.net *.hubspot.com wave-utility-stage.azurewebsites.net/ wave-utility.azurewebsites.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.newrelic.com *.nr-data.net *.google.com *.linkedin.com *.salsify.com *.hubspot.com *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.ampproject.org raw.githubusercontent.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.newrelic.com *.nr-data.net unpkg.com *.unpkg.com *.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.salsify.com *.hubspot.com *.hsforms.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.licdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.newrelic.com *.nr-data.net *.google.com *.salsify.com *.hubspot.com *.hsforms.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.newrelic.com *.nr-data.net unpkg.com *.unpkg.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.salsify.com *.linkedin.com *.hubspot.com *.hsforms.com *.hubapi.com *.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' https://www.googletagmanager.com https://app.usercentrics.eu https://static.hotjar.com https://script.hotjar.com https://secure.enterprisingoperation-7.com 'nonce-T2H7oCWZsEB+cTXOD+ofpjn04FbJzGHwoqF2Ate6loM=' 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.doubleclick.net *.hotjar.com consentcdn.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.doofinder.com www.google.com www.google.es *.bing.com *.analytics.yahoo.com *.pinterest.com *.connectif.cloud *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.doofinder.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.doofinder.com wss://*.doofinder.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'self' 1 frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' phoenixnext.com *.phoenixnext.com admin.phoenixnext.com cdn.jsdelivr.net maps.googleapis.com apis.google.com connect.facebook.net demo2.2c2p.com connect.nosto.com connect.facebook.net *.cloudmaestro.com phoenixnext-magento.devsite.cc www.googletagmanager.com *.hotjar.com static.ads-twitter.com survey.g.doubleclick.net cdn.indicative.com www.google-analytics.com *.line-scdn.net analytics.twitter.com www.google.com www.gstatic.com bam.nr-data.net js-agent.newrelic.com cookiecdn.com platform.twitter.com seals.clone-systems.com googleads.g.doubleclick.net analytics.tiktok.com amplify.outbrain.com wave.outbrain.com nosto.com iterable.com api.iterable.com static.line-scdn.net; report-uri /.webscale/csp-report 1 object-src 'none';base-uri 'self';script-src 'nonce-5OSWZ65LqvSeoYBTiAXpqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://*.gstatic.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.doubleclick.net https://*.google.com https://*.google.co.uk https://*.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io jquery.sellxed.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.googleapis.com https://*.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.gstatic.com *.zdassets.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.zendesk.com *.zdassets.com *.signifyd.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net yotpo.com 'self' data: 'unsafe-inline' data: *.magentocommerce.com *.googleapis.com *.gstatic.com *.cloudfront.net *.bootstrapcdn.com fonts.googleapis.com *.hotjar.com *.zopim.com *.fontawesome.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com https://cdnjs.cloudflare.com maxcdn.bootstrapcdn.com connect.facebook.net *.amazonaws.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://use.typekit.net use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com yotpo.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com 'self' data: 'unsafe-inline' data: *.authorize.net *.sandbox.paypal.com *.vimeo.com *.googletagmanager.com *.cardinalcommerce.com *.magentocommerce.com cdn.dnky.co www.youtube.com *.hotjar.com *.google.com/ www.facebook.com *.trustpilot.com *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com swellrewards.com *.swellrewards.com connect.facebook.net *.doubleclick.net *.expertvoice.com *.acsbapp.com https://www.paypalobjects.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com nytrng.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: 'unsafe-inline' data: *.sandbox.paypal.com *.ytimg.com yotpo.com www.facebook.com *.ssl-images-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com *.magentocommerce.com *.cloudfront.net *.gstatic.com www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud connect.facebook.net *.adnxs.com *.amplifi.io *.quantserve.com *.mediaiqdigital.com *.doubleclick.net *.hotjar.com *.acgbrands.com https://acgbrands.com *.acsbapp.com alb.reddit.com *.google.co.in i.liadm.com us-central1-addshoppers-data-production.cloudfunctions.net www.apptrian.com facebook.com graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.magezon.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com 'self' data: 'unsafe-inline' data: *.authorize.net *.googleadservices.com *.paypalobjects.com *.braintreegateway.com *.sandbox.paypal.com *.ytimg.com *.google.com/ vimeo.com *.cardinalcommerce.com *.ccdc02.com *.magentocommerce.com *.cloudfront.net google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com connect.facebook.net www.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com www.facebook.com *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital.com https://storage.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com *.quantcount.com *.quantserve.com *.doubleclick.net *.experticity.com *.dwin1.com *.expertvoice.com *.acsbapp.com https://acsbapp.com/apps/app/dist/js/app.js https://acsbapp.com https://shop.pe https://shopper.shop.pe/input.js https://infinity-public-js.500apps.com/widget.min.js *.500apps.com *.redditstatic.com addshoppers.s3.amazonaws.com www.apptrian.com facebook.com graph.facebook.com *.ddlnk.net debug-tracking.dotdigital.internal webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com s7.addthis.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.magento-datasolutions.com *.magento-ds.com 'self' data: 'unsafe-inline' data: getfirebug.com *.googleapis.com *.magentocommerce.com *.cloudfront.net *.bootstrapcdn.com cdn.dnky.co *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud *.yotpo.com *.dotdigital.com swellrewards.com *.swellrewards.com connect.facebook.net https://cdnjs.cloudflare.com *.acsbapp.com *.typekit.net https://use.typekit.net/fpf5obn.css https://p.typekit.net yotpo.com webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com tagmanager.google.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io *.magento-datasolutions.com *.magento-ds.com *.sentry.io 'self' data: 'unsafe-inline' data: *.cloudfront.net *.magentocommerce.com api.comapi.com *.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com www.feedbackcompany.com *.cardinalcommerce.com *.zendesk.com *.nr-data.net www.clarity.ms *.paypal.com *.feefo.com *.pcapredict.com *.postcodeanywhere.co.uk *.magentosite.cloud yotpo.com connect.facebook.net www.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com swellrewards.com *.swellrewards.com *.braintreegateway.com *.braintree-api.com *.cloudflare.com *.googleapis.com *.experticity.com *.grin.co *.acsbapp.com https://infinity-public-js.500apps.com/widget.min.js *.500apps.com shopper.shop.pe app.shop.pe *.acgbrands.com nytrng.com ws2.hotjar.com shop.pe wss://*.hotjar.com www.apptrian.com facebook.com graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com google.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-yJ0CErgfBKQMph_O_7UOGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'nonce-AdvWHDEj6q6fkgWFZWpEDA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' *.aiglife.co.uk ; frame-ancestors 'self' *.aiglife.co.uk ; base-uri 'self' *.aiglife.co.uk ; style-src 'self' *.aiglife.co.uk https://fonts.googleapis.com 'unsafe-inline' ; script-src 'self' *.aiglife.co.uk https://www.google-analytics.com https://www.googletagmanager.com https://extend.vimeocdn.com http://assets.adobedtm.com https://lptag.liveperson.net https://assets.adobedtm.com https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.cookielaw.org https://*.onetrust.com connect.facebook.net 'nonce-5XDcw+Wl4SMirCty+zFJfjhYCkWAGE6qUHkfTOLRf7c='; script-src-elem 'self' *.aiglife.co.uk http://bat.bing.com https://www.google-analytics.com https://www.googletagmanager.com https://extend.vimeocdn.com http://assets.adobedtm.com https://lptag.liveperson.net https://assets.adobedtm.com https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://lo.v.liveperson.net 'unsafe-eval' https://az416426.vo.msecnd.net https://cdn.cookielaw.org https://*.onetrust.com connect.facebook.net 'unsafe-inline'; script-src-attr 'self' *.aiglife.co.uk 'unsafe-inline'; font-src 'self' *.aiglife.co.uk data: ; img-src * 'self' *.aiglife.co.uk https://td.doubleclick.net/ https://www.google.com https://www.google.co.uk http://metrics.churchill.com http://cm.everesttech.net https://cm.everesttech.net https://dpm.demdex.net http://metrics.directline.com https://www.googletagmanager.com https://smetrics.directline.com https://smetrics.churchill.com https://www.google-analytics.com https://safgtechnologiesaiglifechurchilldev.112.2o7.net data: https:; media-src 'self' *.aiglife.co.uk; frame-src 'self' *.aiglife.co.uk https://td.doubleclick.net/ https://lpcdn.lpsnmedia.net https://3535199.fls.doubleclick.net http://fast.directlinegroup.demdex.net https://3535200.fls.doubleclick.net https://directlinegroup.demdex.net https://player.vimeo.com https://lo.idp.liveperson.net; connect-src 'self' *.aiglife.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net http://dpm.demdex.net http://metrics.churchill.com http://metrics.directline.com https://dc.services.visualstudio.com https://smetrics.churchill.com https://smetrics.directline.com https://safgtechnologiesaiglifeukdev.112.2o7.net https://cdn.cookielaw.org https://*.onetrust.com data: https:; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src * blob:; font-src *.gstatic.com *.fontawesome.com *.zdassets.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net *.stripe.com *.zendesk.com *.zdassets.com *.googleapis.com *.atlantic.fr *.azurewebsites.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io groupe-mb.scene7.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.connect.facebook.net *.doubleclick.net *.youtube.com *.google.fr *.criteo.com *.trustpilot.com * *.stripe.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hcaptcha.com hcaptcha.com maps.googleapis.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net *.stripe.com *.licdn.com *.bing.com *.zendesk.com *.zdassets.com *.clarity.ms *.sparkow.net t4.my-probance.one *.contentsquare.net *.googleapis.com bam.nr-data.net bam.eu01.nr-data.net *.newrelic.com *.octipas-emerch.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hcaptcha.com hcaptcha.com cdn.jsdelivr.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.trustpilot.com *.cookiebot.com *.doubleclick.net *.criteo.com *.criteo.net *.stripe.com *.clarity.ms *.scandit.com *.zendesk.com tereva.zendesk.com mabeo.zendesk.com tereva.zendesk.com/frontendevents mabeo.zendesk.com/frontendevents *.zdassets.com *.bing.com *.sparkow.net *.contentsquare.net bam.nr-data.net bam.eu01.nr-data.net *.googleapis.com *.octipas-emerch.net *.linkedin.com px.ads.linkedin.com/wa/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; report-uri https://error-tracking.spenderservice.net/api/15/security/?sentry_key=0db3389048bb4735b406e7e1b5b9cb38 1 object-src 'none'; script-src 'nonce-nUl7RTQQOSNRtd0Bj2t6Iw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://sentry.io/api/1258985/security/?sentry_key=1891ca9ff5bc416bbb0349a074c3b41f 1 default-src 'self' *.gstatic.com www.kartamultisport.pl; connect-src 'self' maps.googleapis.com use.fontawesome.com *.sentry.io *.google.com *.doubleclick.net *.google-analytics.com *.googleoptimize.com *.facebook.com *.salesmanago.pl sdk.privacy-center.org api.privacy-center.org vimeo.com www.kartamultisport.pl; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' 'unsafe-inline' data: *.google.com *.google.pl *.doubleclick.net *.facebook.com *.gstatic.com *.googleapis.com *.salesmanago.pl *.vimeocdn.com www.googletagmanager.com www.kartamultisport.pl https://www.kartamultisport.pl/imgproxy/; frame-src 'self' www.google.com player.vimeo.com login.emultisport.pl www.kartamultisport.pl; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com www.googleoptimize.com player.vimeo.com open.spotify.com use.fontawesome.com sdk.privacy-center.org api.privacy-center.org vimeo.com *.salesmanago.pl *.sentry.io *.google-analytics.com *.doubleclick.net *.facebook.net *.hotjar.com *.licdn.com www.kartamultisport.pl facebook.com analytics.google.com; font-src 'self' *.gstatic.com data: 1 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com magento-cloudflare.jetrails.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ytimg.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com landofcoder.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com openstreetmap.org maps.googleapis.com maps.gstatic.com *.google.fr cdn.snapppt.com *.cdninstagram.com *.schott-store.com black.bird.eu *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com snapppt.com cdn.snapppt.com api.snapppt.com *.googleapis.com *.actito.be *.tiktok.com *.adnxs.com *.cloudfront.net sc-static.net *.snapchat.com *.zebestof.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.g.doubleclick.net snapppt.com *.tiktok.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://sw-assets.ekomiapps.de *.fontawesome.com fonts.gstatic.com https://geowidget.easypack24.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ js.stripe.com *.google.com *.doubleclick.net *.facebook.com *.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com wss://*.hotjar.com https://static.cloudflareinsights.com *.user.com https://media.user.com https://smart-widget-assets.ekomiapps.de https://sw-assets.ekomiapps.de https://bat.bing.com https://analytics.tiktok.com https://www.clarity.ms https://imgsct.cookiebot.com https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://x.clarity.ms *.clarity.ms c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://geowidget-app.inpost.pl/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://www.google.pl https://www.google-analytics.com wss://*.hotjar.com https://dafi.pl/media/ *.user.com https://media.user.com https://smart-widget-assets.ekomiapps.de https://ekomi-srr.s3.eu-central-1.amazonaws.com https://sw-assets.ekomiapps.de https://i.imgur.com https://bat.bing.com https://analytics.tiktok.com https://www.clarity.ms https://imgsct.cookiebot.com https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://x.clarity.ms *.clarity.ms public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.stripe.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://secure.przelewy24.pl *.googleadservices.com *.hotjar.com www.paypalobjects *.googleapis.com https://www.google.com https://www.google.pl *.user.com https://dafi.user.com https://media.user.com https://www.google-analytics.com https://static.cloudflareinsights.com wss://*.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://smart-widget-assets.ekomiapps.de https://sw-assets.ekomiapps.de https://bat.bing.com https://analytics.tiktok.com https://www.clarity.ms https://imgsct.cookiebot.com https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://x.clarity.ms *.clarity.ms *.avada.io public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://secure.przelewy24.pl https://www.google-analytics.com wss://*.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com *.user.com https://media.user.com https://smart-widget-assets.ekomiapps.de https://sw-assets.ekomiapps.de https://bat.bing.com https://analytics.tiktok.com https://www.clarity.ms https://imgsct.cookiebot.com https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://x.clarity.ms *.clarity.ms *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.hotjar.com https://dafi.user.com wss://dafi.user.com https://stats.g.doubleclick.net wss://*.hotjar.com https://pagead2.googlesyndication.com https://static.cloudflareinsights.com https://consent.cookiebot.com https://consentcdn.cookiebot.com *.user.com https://media.user.com https://smart-widget-assets.ekomiapps.de https://sw-assets.ekomiapps.de https://bat.bing.com https://analytics.tiktok.com https://www.clarity.ms https://imgsct.cookiebot.com https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://x.clarity.ms *.clarity.ms https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://stats.pusher.com https://cdn.datatables.net https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.pendo.io https://pendo-static-5749076184662016.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://www.web.edrnet.com https://*.edrnet.com https://ws.edrnet.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://www.datadoghq-browser-agent.com https://*.collateral360.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://maps.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://*.collateral360.com https://*.pendo.io https://pendo-static-5749076184662016.storage.googleapis.com https://*.s3.amazonaws.com https://*.edrnet.com https://www.web.edrnet.com https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/m1.png; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://*.collateral360.com; connect-src 'self' https://*.collateral360.com https://*.google-analytics.com https://analytics.google.com https://*.googleapis.com https://stats.g.doubleclick.net wss://ws-us2.pusher.com https://sockjs-us2.pusher.com https://data.pendo.io https://maps.googleapis.com https://*.browser-intake-datadoghq.com; worker-src blob:; frame-src 'self'; form-action 'self'; manifest-src 'self'; report-to default 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.google.com *.doubleclick.net *.facebook.com https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.gstatic.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-st46ibXldLxbQoT0Rl6l-Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.typekit.net *.gstatic.com *.gorgias.chat *.fontawesome.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.typekit.net services.postcodeanywhere.co.uk *.aerin.com www.aerin.com foursixty.com scontent.cdninstagram.com bam.nr-data.net google.co.in www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.typekit.net *.newrelic.com *.nr-data.net secure-a.vimeocdn.com *.paypal.com foursixty.com *.aftership.com *.pcapredict.com services.postcodeanywhere.co.uk *.gorgias.chat polyfill.io *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.typekit.net foursixty.com services.postcodeanywhere.co.uk *.googleapis.com *.gorgias.chat *.fontawesome.com *.klevu.com *.ksearchnet.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nr-data.net *.braintree-api.com *.paypal.com *.signifyd.com foursixty.com *.aftership.com services.postcodeanywhere.co.uk metrics.foursixty.com *.gorgias.chat stats.g.doubleclick.net *.amplitude.com thm.visa.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.gorgias.chat 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-OfgvtXwDmxFeN-xmf4kQzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-4pgR34vg_8Ha6ZrtiwMr6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-HhIBpEYutyx_TPmfcjMXfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.cookielaw.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com cdn.cookielaw.org *.onetrust.io *.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-WN-NYHtqRrjVrz5oNTaLlA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.monetico-services.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.iadvize.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.cookielaw.org/ *.matomo.cloud/ *.wonderpush.com/ *.criteo.com/ *.bing.com/ *.hotjar.com/ *.affilae.com/ *.facebook.net/ *.facebook.com/ *.clarity.ms/ *.google.fr/ *.google.com/ *.doubleclick.net/ *.bidswitch.net/ *.adnxs.com/ *.media.net/ *.rubiconproject.com/ *.smartadserver.com/ *.taboola.com/ *.teads.tv/ *.3lift.com/ *.yahoo.net/ *.adform.net/ *.omnitagjs.com/ *.casalemedia.com/ https://id5-sync.com/ *.360yield.com/ *.ivitrack.com/ *.mediavine.com/ *.postrelease.com/ *.outbrain.com/ *.pubmatic.com/ *.sharethrough.com/ *.tremorhub.com/ *.yieldlab.net/ *.yieldmo.com/ *.emxdgt.com/ *.krxd.net/ *.googlesyndication.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.iadvize.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com *.cookielaw.org/ payment.preprod.direct.worldline-solutions.com *.matomo.cloud/ *.wonderpush.com/ *.criteo.com/ *.bing.com/ *.hotjar.com/ *.affilae.com/ *.facebook.net/ *.facebook.com/ *.clarity.ms/ *.google.fr/ *.google.com/ *.doubleclick.net/ *.bidswitch.net/ *.adnxs.com/ *.media.net/ *.rubiconproject.com/ *.smartadserver.com/ *.taboola.com/ *.teads.tv/ *.3lift.com/ *.yahoo.net/ *.adform.net/ *.omnitagjs.com/ *.casalemedia.com/ https://id5-sync.com/ *.360yield.com/ *.ivitrack.com/ *.mediavine.com/ *.postrelease.com/ *.outbrain.com/ *.pubmatic.com/ *.sharethrough.com/ *.tremorhub.com/ *.yieldlab.net/ *.yieldmo.com/ *.emxdgt.com/ *.krxd.net/ *.googlesyndication.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.monetico-services.com *.iadvize.com/ t.elasticsuite.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.cookielaw.org/ *.onetrust.com/ payment.preprod.direct.worldline-solutions.com *.matomo.cloud/ *.wonderpush.com/ *.criteo.com/ *.bing.com/ *.hotjar.com/ *.affilae.com/ *.facebook.net/ *.facebook.com/ *.clarity.ms/ *.google.fr/ *.google.com/ *.doubleclick.net/ *.bidswitch.net/ *.adnxs.com/ *.media.net/ *.rubiconproject.com/ *.smartadserver.com/ *.taboola.com/ *.teads.tv/ *.3lift.com/ *.yahoo.net/ *.adform.net/ *.omnitagjs.com/ *.casalemedia.com/ https://id5-sync.com/ *.360yield.com/ *.ivitrack.com/ *.mediavine.com/ *.postrelease.com/ *.outbrain.com/ *.pubmatic.com/ *.sharethrough.com/ *.tremorhub.com/ *.yieldlab.net/ *.yieldmo.com/ *.emxdgt.com/ *.krxd.net/ *.googlesyndication.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-9j7MGX_lCg43Lp7yLfm7fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-pAhipC-uGxHx0Fgtd29qNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Yz1Lk5xZrJPyBGOuis7shw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-83Qz0H4p3yVCFcWHx0oQIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com www.googletagmanager.com *.veritas.at *.consentmanager.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://*.consentmanager.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://*.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com https://identity.veritas.at/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com fonts.gstatic.com staticw2.yotpo.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com www.youtube.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com p.yotpo.com staticw2.yotpo.com vimeo.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com staticw2.yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com https://static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com staticw2.yotpo.com *.yotpo.com swellrewards.com *.swellrewards.com maxcdn.bootstrapcdn.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com staticw2.yotpo.com o2.mouseflow.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src staticw2.yotpo.com vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-OBHLg1R2SGF-1_fJfFagdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-YBUxaxwSBKE1yiVtkU1ciA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com www.merlinarchery.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.sagepay.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; frame-ancestors www.merlinarchery.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sagepay.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com validate.fishpig.co.uk flagpedia.net www.merlinarchery.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.sagepay.com www.merlinarchery.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sagepay.com www.gstatic.com www.merlinarchery.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.merlinarchery.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.merlinarchery.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.epson.com.my tags.tiqcdn.com urldefense.com event-tracking-services.global.commerce-connector.com *.facebook.com *.crazyegg.com pro.epson.asia www.google.com.bn *.linkedin.com www.google.com.ph www.google.com.sg pd.epson.com.my *.gstatic.com *.doubleclick.net *.licdn.com cdnjs.cloudflare.com www.google.com www.youtube.com api.commerce-connector.com *.goepson.com adservice.google.com img.youtube.com *.bazaarvoice.com www.google-analytics.com google.com *.facebook.net fi-v2.global.commerce-connector.com fast.fonts.net *.googleadservices.com analytics.google.com code.jquery.com www.googletagmanager.com www.google.com.my fi-v2-configs.global.commerce-connector.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src humanheartnature.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/ https://connect.facebook.net/ *.cardinalcommerce.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline'; frame-ancestors humanheartnature.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.trust-provider.com/ https://googleads.g.doubleclick.net/ https://www.google.com.ph/ https://td.doubleclick.net/ https://www.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com validate.fishpig.co.uk https://www.google.com/ https://www.google.com.ph/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com humanheartnature.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline humanheartnature.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com humanheartnature.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net/ https://analytics.google.com/ http://www.google-analytics.com https://google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com humanheartnature.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com humanheartnature.com http: https: blob: 'self' 'unsafe-inline'; default-src humanheartnature.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-GfuuVSo6KzeJTY37BJDK5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-uSLiFdu53yYb4mGQtvCxrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Rg1TI_bvSv7a23CQZHWzzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.aig.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-gldpybPuvLM8n6edH3hU2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com https://www.google.com https://*.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://vars.hotjar.com https://c.paypal.com https://c.sandbox.paypal.com https://home-c56.nice-incontact.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://stats.g.doubleclick.net https://www.google.com https://s3.amazonaws.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://*.ezpstore.com https://maps.gstatic.com https://bat.bing.com https://maps.googleapis.com/ https://*.stats.paypal.com https://cdn.klarna.com https://c.paypal.com https://c.sandbox.paypal.com https://*.clarity.ms www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://bat.bing.com https://ajax.cloudflare.com https://www.googleadservices.com https://*.hotjar.com https://*.paypal.com https://*.braintreegateway.com/ https://*.clarity.ms https://home-c56.nice-incontact.com https://*.ezpstore.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://stackpath.bootstrapcdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://*.googlesyndication.com https://*.sandbox.braintree-api.com https://*.braintree-api.com https://client-analytics.braintreegateway.com https://stats.g.doubleclick.net/ https://*.hotjar.com wss://*.hotjar.com https://www.paypal.com https://maps.googleapis.com https://*.clarity.ms https://*.ezpstore.com https://*.ezprints.com https://*.targetphoto.com https://*.michaelsphotogifts.com https://google.com https://*.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Jfcyih4L1Cr-M8rPNSaPTg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-vT3DF4nuJAtdZyPJ710KVQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://widgets.trustedshops.com/ https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ https://apay-us.amazon.com/ https://payments.amazon.de/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.facebook.com/ https://bid.g.doubleclick.net/ https://www.jsctool.com/ https://www.pinterest.com/ https://www.pinterest.de/ https://apay-us.amazon.com/ https://ct.pinterest.com/ *.addthis.com *.facebook.com *.twitter.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://widgets.trustedshops.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.com/ads/ https://www.google.de/ads/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.gstatic.com/ https://ssl.gstatic.com/ https://www.google-analytics.com/ https://www.google.com/ https://bat.bing.com/ https://ct.pinterest.com/ http://tr.outbrain.com/ https://images-na.ssl-images-amazon.com/ https://m.media-amazon.com/ *.addthisedge.com *.twitter.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://connect.facebook.net https://www.googletagmanager.com/ https://tagmanager.google.com/ http://widgets.trustedshops.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://secure.pay1.de/ https://d.ratepay.com/ http://d.ratepay.com/ https://s.pinimg.com/ https://amplify.outbrain.com/ http://tr.outbrain.com/ https://wave.outbrain.com/ *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://tagmanager.google.com/ https://fonts.googleapis.com/ maxcdn.bootstrapcdn.com d.ratepay.com d.payla.io dr.payla.io unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.google-analytics.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ *.trustedshops.com http://d.ratepay.com/ https://ct.pinterest.com/ http://tr.outbrain.com/ https://analytics.fischer-wolle.de/ payments.amazon.de d.ratepay.com jsctool.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://shop.fischerwolle-de.gfe20.de/report-csp; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-ndXBMHLUub0JSkKXZ150EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://code.jquery.com https://www.gstatic.com https://seal.digicert.com https://s.ytimg.com https://www.youtube.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://ajax.aspnetcdn.com https://apis.google.com https://www.dropbox.com https://seal.verisign.com https://seal.websecurity.norton.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; img-src data: *; font-src data: 'self' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://forms.hsforms.com https://js.hsforms.net https://www.googleapis.com https://maps.googleapis.com; media-src *; object-src 'self' https://www.youtube.com; worker-src 'none'; child-src 'self'; frame-src *; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://www.empforce.com/UserControl/ValidateForm.ashx 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: formvalidation.io *.gstatic.com *.googleapis.com www.pensionissste.gob.mx www.google-analytics.com maxcdn.bootstrapcdn.com www.gob.mx framework-gb.cdn.gob.mx cdnjs.cloudflare.com www.googletagmanager.com code.jquery.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-j6BcpiX6CF2kXMePf2R2-w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cdninstagram.com *.fbcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; connect-src 'self' *.yimg.com https://www.google-analytics.com *.yahoo.com *.doubleclick.net; font-src 'self' *.bootstrapcdn.com; frame-src 'self' *.soundcloud.com *.twitter.com; img-src 'self' data: *.yimg.com https://www.google-analytics.com *.yahoo.com https://www.google.com/ads/ga-audiences *.pendo.io *.twitter.com *.twimg.com; script-src 'self' 'nonce-w8QMwxZPQDzq8C9UXYibVg==' *.yimg.com https://www.google-analytics.com https://ssl.google-analytics.com *.github.com/flurrydev/ *.pendo.io *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.yimg.com *.twitter.com *.twimg.com https://github.githubassets.com/assets/ *.bootstrapcdn.com; report-uri /csp-report 1 font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com https://a.klaviyo.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com s7.addthis.com *.avada.io *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.googleapis.com https://static.klaviyo.com https://fast.a.klaviyo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Q6t6g01JMWYa7jEAoioUQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-UVhfqql1TiiAvtJIml2TFg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.gstatic.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com hcaptcha.com *.hcaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com 'self' data: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.adyen.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ hcaptcha.com *.hcaptcha.com *.google.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com t.elasticsuite.io ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com data: https://*.cloudflare.com *.typekit.net *.googleapis.com https://*.authorize.net https://*.cardinalcommerce.com https://*.trustedshops.com https://*.tawk.to https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://www.facebook.com/ https://ct.pinterest.com/ https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro 'self' 'unsafe-inline'; frame-ancestors data: 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net js.stripe.com www.google.com https://www.youtube.com https://www.google.com https://www.google.ro https://www.google.bg https://www.facebook.com/ https://*.cardinalcommerce.com https://*.authorize.net https://*.paypal.com https://*.sandbox.paypal.com https://*.hotjar.com https://*.pinterest.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.tawk.to https://s7.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com www.apptrian.com www.facebook.com ct.pinterest.com data: https://*.cloudflare.com https://cdn.klarna.com https://www.magecomp.com https://*.paypal.com www.paypalobjects.com https://*.sandbox.paypal.com https://*.g.doubleclick.net https://*.vimeocdn.com https://s.ytimg.com https://*.usercentrics.eu https://*.magentocommerce.com https://www.google.ro https://www.google.com https://*.tawk.to https://cdn.jsdelivr.net https://*.cdninstagram.com https://*.xx.fbcdn.net www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net http://seal.alphassl.com/ https://secure.trust-provider.com https://ssl.comodo.com https://feedback.trusted.ro https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com maps.gstatic.com maps.google.com https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net flagpedia.net cdn1.themarketer.com 'self' 'unsafe-inline'; script-src https://*.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net s.ytimg.com video.google.com https://*.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.stripe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com https://*.cloudflare.com https://*.google.com *.gstatic.com https://www.googletagmanager.com https://*.googlesyndication.com maps.googleapis.com https://*.trustedshops.com https://*.usercentrics.eu https://*.cardinalcommerce.com https://*.googleadservices.com https://googleadservices.com https://*.authorize.net https://*.paypalobjects.com https://*.ytimg.com *.braintreegateway.com *.signifyd.com https://connect.facebook.net https://embed.productlead.me https://chimpstatic.com https://*.tawk.to https://*.hotjar.com https://*.getsitecontrol.com https://*.g.doubleclick.net https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ http://seal.alphassl.com/ https://secure.trust-provider.com https://cdn.jsdelivr.net https://s.pinimg.com https://*.pinterest.com https://*.paypal.com https://*.sandbox.paypal.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.avada.io cdn1.themarketer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com https://*.cloudflare.com https://*.trustedshops.com https://*.usercentrics.eu https://maxcdn.bootstrapcdn.com https://embed.productlead.me https://*.tawk.to https://cdn.jsdelivr.net https://*.googleapis.com https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://static.xpertbeauty.ro https://*.themarketer.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net *.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com ct.pinterest.com https://*.cloudflare.com https://*.paypal.com https://*.cardinalcommerce.com www.facebook.com www.google-analytics.com https://*.tawk.to wss://*.tawk.to https://*.productlead.me wss://*.productlead.me www.instagram.com https://instagram.fcnd1-1.fna.fbcdn.net https://stats.g.doubleclick.net https://bam.eu01.nr-data.net https://*.stage.xpertbeauty.bg https://xpertbeauty.local https://*.xpertbeauty.ro https://ct.pinterest.com https://s7.addthis.com https://api-public.addthis.com https://in.hotjar.com https://vc.hotjar.io maps.googleapis.com https://*.themarketer.com https://*.tiktok.com *.xpertbeauty.ro *.xpertbeauty.bg *.xpertbeauty.hu *.xpertbeauty.com *.datareshape.net www.gstatic.com cdn1.themarketer.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://*.xpertbeauty.ro/; report-to report-endpoint; 1 child-src blob: data: https:; connect-src https: wss:; default-src blob: data: https: 'report-sample' 'unsafe-eval' 'unsafe-inline'; font-src data: https:; form-action https:; frame-src data: https:; img-src blob: data: https:; media-src blob: data: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-abBZc_KG8_7JweabR8eDGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://www.groupe.schmidt https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://axeptio.imgix.net https://*.axept.io https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.axept.io https://*.googletagmanager.com https://*.googleapis.com https://cdnjs.cloudflare.com blob: *.google.com https://*.gstatic.com; font-src 'self' 'unsafe-eval' data: https://fonts.gstatic.com; connect-src 'self' https://*.axept.io https://*.axeptio.eu https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdnjs.cloudflare.com; frame-src 'self' *.google.com data: https://*.youtube.com https://*.youtube-nocookie.com; 1 font-src https://fonts.gstatic.com *.fontawesome.com www.stokeseeds.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payfabric.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.stokeseeds.com 'self' 'unsafe-inline'; frame-ancestors www.stokeseeds.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.payfabric.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.stokeseeds.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.google.ca http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.payfabric.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.stokeseeds.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.payfabric.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.stokeseeds.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com www.stokeseeds.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.stokeseeds.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://analytics.google.com https://www.googleadservices.com https://www.google.ca http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.payfabric.com *.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com www.stokeseeds.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.stokeseeds.com http: https: blob: 'self' 'unsafe-inline'; default-src www.stokeseeds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob:; connect-src 'self' https://*.medshr.net https://*.adroll.com https://ajax.googleapis.com https://translate.googleapis.com https://*.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://adservice.google.com https://accounts.google.com https://api.branch.io https://api2.branch.io https://www.facebook.com https://*.hubapi.com https://*.hscollectedforms.net https://cdn.linkedin.oribi.io https://*.ads.linkedin.com https://edge.fullstory.com https://rs.fullstory.com; font-src 'self' https://*.medshr.net data:; form-action 'self' https://*.medshr.net https://*.stripe.com https://*.doctorevidence.com https://*.facebook.com https://*.linkedin.com; frame-ancestors 'self' https://*.medshr.net; frame-src 'self' https://*.medshr.net https://www.youtube.com https://player.vimeo.com https://www.google.com https://accounts.google.com https://td.doubleclick.net https://*.facebook.com https://*.linkedin.com https://*.adroll.com; img-src 'self' https://*.medshr.net https://storage.googleapis.com https://*.facebook.com https://*.linkedin.com https://*.google.com https://*.hubspot.com https://*.adroll.com https://snap.licdn.com https://d.adroll.mgr.consensu.org http://d.adroll.mgr.consensu.org d.adroll.mgr.consensu.org https://p.adsymptotic.com http://p.adsymptotic.com p.adsymptotic.com https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://px4.ads.linkedin.com http://px4.ads.linkedin.com px4.ads.linkedin.com https://idsync.rlcdn.com http://idsync.rlcdn.com idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com ib.adnxs.com https://rs.fullstory.com data: https:; media-src 'self' https://*.medshr.net https://storage.googleapis.com blob:; object-src 'none'; script-src 'self' https://*.medshr.net https://bnc.lt https://app.link https://cdn.branch.io https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://vjs.zencdn.net https://appleid.cdn-apple.com https://www.google-analytics.com https://ssl.google-analytics.com https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://apis.google.com https://accounts.google.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.hs-scripts.com https://*.hsadspixel.net https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hs-banner.com https://snap.licdn.com https://d.adroll.mgr.consensu.org http://d.adroll.mgr.consensu.org d.adroll.mgr.consensu.org https://p.adsymptotic.com http://p.adsymptotic.com p.adsymptotic.com https://px.ads.linkedin.com http://px.ads.linkedin.com px.ads.linkedin.com https://px4.ads.linkedin.com http://px4.ads.linkedin.com px4.ads.linkedin.com https://idsync.rlcdn.com http://idsync.rlcdn.com idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com ib.adnxs.com https://edge.fullstory.com https://rs.fullstory.com https://*.adroll.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.medshr.net https://accounts.google.com https://www.google.com https://translate.googleapis.com https://ajax.googleapis.com 'unsafe-inline'; report-uri https://o174700.ingest.sentry.io/api/1256840/security/?sentry_key=183e5fbac8544561974652d80882f7b6 1 frame-ancestors 'self'; report-uri https://www.nestlecomvoce.com.br/report-uri/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-ECEL2Jz6GN9Q6O15Q1zAkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klevu.com *.ksearchnet.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; img-src 'self' data: *; media-src * blob:; script-src 'self' https://k-business.com https://www.k-business.com https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app *.googletagmanager.com *.google-analytics.com data: *.googleadservices.com snap.licdn.com cdn.linkedin.oribi.io www.youtube.com *.leadinfo.net *.leadinfo.com vimeo.com 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net connect.facebook.net 'report-sample'; connect-src 'self' https://*.usercentrics.eu https://service-proxy-logger-wfcmkywozq-ey.a.run.app *.googletagmanager.com *.google-analytics.com *.googleadservices.com snap.licdn.com cdn.linkedin.oribi.io noembed.com *.leadinfo.net *.leadinfo.com vimeo.com; frame-src 'self' https: https:; style-src 'self' 'unsafe-inline' hello.myfonts.net; font-src 'self'; manifest-src 'self' 1 default-src 'self' https://themes.googleusercontent.com/ https://data.rivm.nl/ https://apps.geodan.nl https://acc.apps.geodan.nl https://geodata.rivm.nl https://acceptatie.geodata.rivm.nl https://platform.twitter.com/ https://syndication.twitter.com/; script-src 'self' 'unsafe-inline' https://statistiek.rijksoverheid.nl https://data.rivm.nl/ http://platform.twitter.com/ https://cdn.syndication.twimg.com/; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://data.rivm.nl/ https://platform.twitter.com/ https://ton.twimg.com/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://data.rivm.nl https://statistiek.rijksoverheid.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/; frame-src https://data.rivm.nl/ *.woondossier.nl; frame-ancestors 'self' www.atlasleefomgeving.nl *.gezondeleefomgeving.nl *.woondossier.nl roosendaal.incijfers.nl *.nhnieuws.nl schievenkeizer.nl schievenkeizer.stijlgenoten.nl; child-src https://*.nhnieuws.nl https://*.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/*; report-uri /report-csp-violation 1 default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' https://statistics.region-stuttgart.de/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://statistics.region-stuttgart.de/; frame-src 'self' https://www.youtube-nocookie.com/; report-uri https://csp-log.d-mind.de/report.php; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com test.test.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-DTco7Rw72tPxDiNSJTl78g=='; report-uri https://send.hsbrowserreports.com/csp/report; 1 object-src bdl-india.in https://cbpssubscriber.mygov.in; img-src bdl-india.in https://www.google-analytics.com/ https://cbpssubscriber.mygov.in; media-src bdl-india.in https://cbpssubscriber.mygov.in; frame-src *.tradingview.com *.google.com bdl-india.in; frame-ancestors *.gstatic.com fonts.googleapis.com bdl-india.in; font-src bdl-india.in *.gstatic.com fonts.googleapis.com https://cbpssubscriber.mygov.in; report-uri /report-csp-violation 1 font-src *.cloudflare.com 'self' data: *.gstatic.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.amazonaws.com *.klarnacdn.net *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.hotjar.com app.smartsheet.com www.googletagmanager.com www.google.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com *.cloudflare.com *.google-analytics.com *.feefo.com *.sagepay.co.uk ebizmarts-website.s3.amazonaws.com www.google.co.uk www.google.com cdn.klarna.com www.electricradiatorsdirect.co.uk *.ads.linkedin.com *.linkedin.com *.bing.com www.facebook.com www.google.gg www.google.ca www.google.es *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.google-analytics.com *.fontawesome.com *.chimpstatic.com chimpstatic.com *.googletagmanager.com *.gstatic.com *.google.com *.hotjar.com *.bing.com snap.licdn.com secure.vane3alga.com api.feefo.com register.feefo.com *.klarna.com *.klarnaservices.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com cdn.ampproject.org www.gstatic.com *.analytics.google.com *.cloudflareinsights.com *.klaviyo.com *.doubleclick.net *.facebook.net *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.klarnacdn.net unsafe-inline *.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.ideal-postcodes.co.uk *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.doubleclick.net stats.g.doubleclick.net *.google-analytics.com *.hotjar.io *.bing.com www.facebook.com bat.bing.com api.feefo.com register.feefo.com collect.feefo.com *.klarnaevt.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net cdn.ampproject.org *.klaviyo.com *.google.com *.google.co.uk *.linkedin.com *.crazyegg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://ignition.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.affirm.com *.affirm.ca www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.criteo.com *.facebook.net *.rlets.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.adroll.com *.googletagmanager.com *.clarity.ms *.bing.com *rdcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.adroll.net *.azureedge.net *.bing.com *.clarity.ms *.criteo.com *.facebook.net *.googleoptimize.com *.invoca.net *.invocacdn.com *.klaviyo.com *.nr-data.net *.rlets.com *.simpli.fi *.ywxi.net *.newrelic.com *.clickcease.com *.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.amazonaws.com *.clarity.ms *.klaviyo.com *.nr-data.net *.velaro.com *.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://*.pendo.io https://pendo-io-static.storage.googleapis.com https://stats.pusher.com https://cdn.datatables.net https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://pendo-static-5749076184662016.storage.googleapis.com https://pendo-io-static.storage.googleapis.com https://static.parcelplatform.com https://stats.pusher.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.pendo.io https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://maps.googleapis.com https://maps.gstatic.com https://*.collateral360.com https://*.pendo.io https://*.s3.amazonaws.com https://www.googletagmanager.com https://static.parcelplatform.com https://*.storage.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://data.pendo.io https://sockjs-us2.pusher.com wss://ws-us2.pusher.com; frame-src 'self'; form-action 'self'; report-to default 1 script-src 'report-sample' 'strict-dynamic' 'self' 'unsafe-eval' 'nonce-nYOt0CbkCmKtGPTpdo19DAjBOthAh+QF0kt/OamGHrg=' https://consent.cookiebot.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/6fa13bb1-e8ba-40b0-af4e-254d9f369605/state.js https://www.youtube.com https://consentcdn.cookiebot.com/consentconfig/99acbe5d-d66a-45d0-80ca-556dbd42b977/state.js https://consentcdn.cookiebot.com/consentconfig/2f67df6e-8e96-4445-969f-6fa4bec02c91/state.js https://embed.typeform.com/next/embed.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://payments.worldpay.com/resources/hpp/integrations/embedded/js/hpp-embedded-integration-library.js https://static.srcspot.com/libs/casey.js https://www.clarity.ms https://wchat.eu.freshchat.com https://wchat.eu.freshchat.com/js/widget.js https://www.googletagmanager.com/gtm.js https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com/s/player/42a553e1/www-widgetapi.vflset/www-widgetapi.js;style-src 'report-sample' 'self' 'unsafe-inline' https://embed.typeform.com https://fonts.googleapis.com https://wchat.eu.freshchat.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.gstatic.com https://consent.cookiebot.com;object-src 'none';base-uri 'self';connect-src 'self' https://*.clarity.ms/collect https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://assetscdn-wchat.eu.freshchat.com https://analytics.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://fundsmith.cloudflareaccess.com https://region1.analytics.google.com https://region1.google-analytics.com https://translate.googleapis.com https://vimeo.com https://webservices.data-8.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com;frame-src 'self' https://*.eu.webpush.freshchat.com https://consentcdn.cookiebot.com https://form.typeform.com https://payments.worldpay.com https://player.vimeo.com https://w.soundcloud.com https://wchat.eu.freshchat.com https://www.googletagmanager.com https://www.youtube.com https://www2.fundsmith.co.uk;img-src 'self' blob: data: https://*.clarity.ms https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://fonts.gstatic.com https://i.vimeocdn.com https://i.ytimg.com https://i3.ytimg.com https://img.youtube.com https://imgsct.cookiebot.com https://region1.google-analytics.com https://tracker.live.rns-distribution.com https://translate.google.com https://www.fundsmith.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.sharesmagazine.co.uk;manifest-src 'self'; media-src 'self'; worker-src 'self'; report-uri https://6419b5ac622ceaeaddd4131c.endpoint.csper.io?v=6; 1 upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-ba6d06625d1b73c3adf73726899e80991a7efc7d' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1 default-src 'self' statistiek.rijksoverheid.nl; script-src 'sha256-kAj0E4/G2JPs8Mjj0MqcO7tHFZOJmTUjKaBLz5FIcog=' 'self' statistiek.rijksoverheid.nl 'report-sample' 'sha256-AJSFTfEFXIO1Wi4AjG7vT7VnAz5A/u7Rz1uNdPXDPhU=' 'sha256-IbtDa5/kbW2Hbn7qGi1538ERW/JuXrjCjK6zuL7QDfE='; object-src 'none'; style-src 'sha256-d+d7Cti3VU0dwJ1fNknUjJrjfKCBKmv7IB8pWVKOtVA=' 'sha256-HS0dLXtouzt27WjhcNn1jnLChsFC64NjrBHNAceQoNM=' 'sha256-p3iFO5bVyUOAUUESOH4bv8z4dxbPZZXWh/MQHoshxww=' 'sha256-2haq8oHxQM6XYJ1EnNAO37NNVFrJGhmY1jn8sa3S0AU=' 'sha256-1VTAHS0X+0lgrfu7iW/2ikIZ/VIANi00phY6Pqavxdg=' 'sha256-WWn0l9kVjXaC+CGcbxP6Zyac31v1Cjkx2VMnFR3uVng=' 'self' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-p6HyQ9qqQIVvilUDUG0LZmJsmqaueCFxNRdnqp+CQu0='; img-src statistiek.rijksoverheid.nl *.rovid.nl 'self' data: www.logius.nl/* logius.nl/* ; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self' ; font-src 'self'; report-uri https://sentry.dtnr.nl/api/41/security/?sentry_key=be7725c4e69245aa867cc45751194094&sentry_environment=production 1 object-src 'none';base-uri 'self';script-src 'nonce-5mpKvcw4XBkz2aodhpUKQw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'strict-dynamic' 'nonce-fK2d3zRvtbqeKS6evc6lEw=='; 1 script-src 'strict-dynamic' 'nonce-g8P4uPaFyRMTeu88f2gYKw=='; 1 font-src *.fontawesome.com *.relaxdays.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.consentmanager.net www.google.com tpc.googlesyndication.com www.youtube.com youtube.com www.facebook.com ct.pinterest.com www.pinterest.com www.pinterest.de *.sibforms.com sibautomation.com www.paypalobjects.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.consentmanager.net *.delivery.consentmanager.net delivery.consentmanager.net www.it-recht-kanzlei.de *.relaxdays.com i.pinimg.com log.pinterest.com www.pinterest.com ct.pinterest.com *.g.doubleclick.net *.googleadservices.com www.google.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi www.google.com.mt www.google.com.cy www.google-analytics.com www.googletagmanager.com *.gstatic.com *.googleusercontent.com www.facebook.com connect.facebook.com *.cloudfront.net *.bing.com analytics.tiktok.com alb.reddit.com www.datenschutz.net *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.billie.io/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com cdn.consentmanager.net *.delivery.consentmanager.net delivery.consentmanager.net *.relaxdays.com assets.pinterest.com widgets.pinterest.com ct.pinterest.com s.pinimg.com www.googletagmanager.com tagmanager.google.com www.google.com www.googleadservices.com www.google-analytics.com www.gstatic.com www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi connect.facebook.net googleads.g.doubleclick.net tpc.googlesyndication.com bat.bing.com analytics.tiktok.com sibautomation.com *.sendinblue.com www.redditstatic.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://*.billie.io/ *.fontawesome.com unsafe-inline assets.braintreegateway.com *.relaxdays.com tagmanager.google.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src *.relaxdays.com 'self' 'unsafe-inline'; media-src *.relaxdays.com 'self' 'unsafe-inline'; manifest-src *.relaxdays.com 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.billie.io/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com blob: delivery.consentmanager.net *.relaxdays.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net www.google.de www.google.at www.google.es www.google.it www.google.nl www.google.pl www.google.fr www.google.dk www.google.se www.google.co.uk www.google.be www.google.bg www.google.cz www.google.ee www.google.gr www.google.hu www.google.lv www.google.lt www.google.lu www.google.pt www.google.ro www.google.si www.google.sk www.google.ie www.google.hr www.google.fi www.facebook.com log.pinterest.com ct.pinterest.com bat.bing.com analytics.tiktok.com *.sendinblue.com in-automate.brevo.com *.hotjar.com *.hotjar.io analytics.pangle-ads.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://relaxdays.com/_csp_report_; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-YnjIAHxt7L_7AQtistSAAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.opayo.eu.elavon.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com https://cookie-cdn.cookiepro.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.opayo.eu.elavon.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.opayo.eu.elavon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com maps.googleapis.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1 frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=connect-dot-com-public-ui/static-1.1548/html/index.html&cfRay=86b46db31abdcf51-SJC 1 font-src *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.carnegiefabrics.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.xtento.com *.twitter.com fast.wistia.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com www.xtento.com cdn.xtento.com *.pinterest.com *.cloudflare.com *.klarna.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.xtento.com cdn.xtento.com fast.wistia.net static.userback.io *.carnegiefabrics.com *.cloudflare.com cookie-cdn.cookiepro.com *.twitter.com *.crazyegg.com *.pardot.com *.pinterest.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com js-agent.newrelic.com bam.nr-data.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.userback.io *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.userback.io *.stackpathdns.com cookie-cdn.cookiepro.com *.crazyegg.com stats.g.doubleclick.net geolocation.onetrust.com *.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com bam.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.carnegiefabrics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-b9fn1g010Eqt-DydHlSAaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com data: https://fonts.gstatic.com *.fontawesome.com www.dahlias.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.dahlias.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.dahlias.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.youtube.com https://www.google.com/maps/embed *.weltpixel.com www.dahlias.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://stats.g.doubleclick.net https://tracking.qa.paypal.com validate.fishpig.co.uk store.paradoxlabs.com www.dahlias.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://js.authorize.net https://includes.ccdc02.com https://jstest.authorize.net https://www.googletagmanager.com *.avada.io *.authorize.net tagmanager.google.com www.dahlias.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com tagmanager.google.com www.dahlias.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.dahlias.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api2.authorize.net https://jstest.authorize.net https://apitest.authorize.net https://www.paypal.com https://stats.g.doubleclick.net https://get.geojs.io *.avada.io *.authorize.net https://www.google-analytics.com www.dahlias.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.dahlias.com http: https: blob: 'self' 'unsafe-inline'; default-src www.dahlias.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://bytesco.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-Zlbqhpca2_WH4Te58VlpTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://client.crisp.chat *.fontawesome.com *.cloudflare.com fonts.gstatic.com/ maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com p.monetico-services.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://image.crisp.chat https://images.unsplash.com *.jardindupicvert.com *.promessedefleurs.com https://redchamps.com *.openstreetmap.fr *.openstreetmap.org unpkg.com *.google.com *.google.fr *.google.ie data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com https://client.crisp.chat *.avada.io https://cdnjs.cloudflare.com https://unpkg.com/pwacompat *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://client.crisp.chat *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat *.jardindupicvert.com *.promessedefleurs.com https://get.geojs.io *.avada.io *.openstreetmap.org *.arcgis.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://maxcdn.bootstrapcdn.com https://use.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com webservices.securetrading.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://ebizmarts-website.s3.amazonaws.com www.opayo.co.uk www.sagepay.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com https://devdocs.magento.com https://magento.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com webservices.securetrading.net songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://devdocs.magento.com https://www.google-analytics.com https://stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com o402164.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-ePD5zsBnREYkHPKWAitY8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' https://yastatic.net https://yandex.ru https://*.yastatic.net https://*.yandex.ru https://*.tawk.to https://*.google.com https://*.googletagmanager.com https://*.top100.ru https://*.rambler.ru https://*.gstatic.com https://*.google-analytics.com 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src 'self' https://yandex.ru https://google.com https://*.yandex.ru wss://*.tawk.to https://*.tawk.to https://*.rambler.ru https://*.google-analytics.com https://*.doubleclick.net https://*.dadata.ru; img-src https: data:; font-src https: data:; frame-src 'self' https://*.yandex.ru https://yandex.ru/ https://*.youtube.com https://*.google.com https://cdek-online.ru https://pecom.ru https://*.dellin.ru; script-src-elem 'self' https://*.maps.yandex.net https://*.jsdelivr.net https://yastatic.net https://yandex.ru https://*.yandex.ru https://*.top100.ru https://*.tawk.to https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.yastatic.net 'unsafe-inline'; report-uri /csp/report.php 1 object-src 'none';base-uri 'self';script-src 'nonce-48SglMDBoc1arTf_4Ll6lg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-3a974ec5390943f2ac0c280e6ef5e182' https://myaccesshealth.net 'self';img-src https://* 'self' blob: data:;style-src https://myaccesshealth.net 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-2Cki8UMAR0mYYyALJA-nSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IgKfHUsfyIwWT1eIG2CCiQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fiskejournalen.com *.cloudfront.net https://fonts.gstatic.com *.klarna.com *.klarnacdn.net *.pji.nu *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com https://local.fiskejournalen.com https://test-butik.fiskejournalen.se *.cloudfront.net https://butik.fiskejournalen.se https://butik1.fiskejournalen.se https://checkoutapi.svea.com https://www.facebook.com https://www.google.com *.googlesyndication.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net https://local.fiskejournalen.com *.cloudfront.net *.fiskejournalen.se *.bing.com https://fonts.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com *.google.com *.google.co.in https://apis.google.com *.clarity.ms *.doubleclick.net https://www.googletagmanager.com *.googlesyndication.com *.dialogtrail.com *.amazonaws.com *.cookiepro.com *.streamify.io https://meetanshi.com/media/logo.png 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.klarna.com *.klarnaservices.com *.fiskejournalen.com *.cloudfront.net https://bat.bing.com *.google.com *.google.co.in *.gstatic.com https://checkout.sveapayment.eu https://track.adtraction.com https://static.zdassets.com/ https://apis.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleapis.com https://chimpstatic.com https://checkoutapi.svea.com *.clarity.ms https://www.google.se securepubads.g.doubleclick.net https://www.gstatic.com *.googlesyndication.com *.googletagservices.com *.tiktok.com https://dialogtrail-prod.s3-eu-west-1.amazonaws.com *.dialogtrail.com *.cookiepro.com *.googleoptimize.com *.pji.nu *.streamify.io *.holid.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://local.fiskejournalen.com *.cloudfront.net https://fonts.gstatic.com https://fonts.googleapis.com *.klarna.com *.klarnacdn.net *.pji.nu *.streamify.io *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src https://local.fiskejournalen.com https://test.fiskejournalen.se *.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com https://local.fiskejournalen.com *.cloudfront.net https://butik.fiskejournalen.se https://butik1.fiskejournalen.se https://static.zdassets.com *.klarna.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com https://local.fiskejournalen.com *.cloudfront.net *.klarna.com *.klarnaservices.com *.clarity.ms https://ekr.zdassets.com https://www.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://fiskejournalen.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.tiktok.com *.dialogtrail.com wss://widget.dialogtrail.com *.cookiepro.com *.onetrust.com *.streamify.io *.jsdelivr.net wss://wss.streamify.io/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googlesyndication.com *.cloudfront.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://scripts.demandbase.com https://edge.fullstory.com https://rs.fullstory.com https://js.adsrvr.org https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.go-mpulse.net cdn.jsdelivr.net cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/reportOnly 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.bing.com *.mobilitysmart.co.uk *.googletagmanager.com cdn-images.mailchimp.com pillowexpert.matomo.cloud *.google.co.uk * *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.attn.tv events.attentivemobile.com *.avada.io *.gstatic.com *.bing.com *.cloudflare.com *.twitter.com *.fontawesome.com cdn.mobilitysmart.co.uk pillowexpert.matomo.cloud *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.bootstrapcdn.com *.mobilitysmart.co.uk *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.attn.tv events.attentivemobile.com https://get.geojs.io *.avada.io *.cloudflare.com *.googleadservices.com *.google.co.uk *.doubleclick.net region1.analytics.google.com maxcdn.bootstrapcdn.com *.criteo.com *.bing.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://abi.mobilitysmart.co.uk/cspreport.php; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-B7Cp9Cm_niTRQjFjnxShYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-naChMBMoAocqth2qWScYTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.typekit.net *.iwdagency.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.weltpixel.com www.xtento.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com https://a.klaviyo.com www.xtento.com cdn.xtento.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net *.magento-ds.com https://static.klaviyo.com https://fast.a.klaviyo.com www.xtento.com cdn.xtento.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.iwdagency.com tagmanager.google.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.paypal.com qa-api.magedevteam.com https://static.klaviyo.com https://fast.a.klaviyo.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-bU2FWYchzVzQvFbbbtyI3g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-4Etap7RUWM5Tyc4Jm3ALpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none' ; manifest-src 'self' ; object-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.cookielaw.org e.eltonjohnaidsfoundation.org connect.facebook.net bat.bing.com www.youtube.com www.clarity.ms www.googletagmanager.com ajax.googleapis.com www.google-analytics.com *.dotdigital-pages.com tgbwidget.com js.dev.shift4.com www.dafdirect.org giveamply.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net www.dafdirect.org; img-src 'self' data: cdn.cookielaw.org bat.bing.com www.google.com www.facebook.com www.google.co.tz www.google-analytics.com *.cdninstagram.com i.ytimg.com www.dafdirect.org www.googletagmanager.com *.clarity.ms www.google.co.za www.google.co.uk www.google.ca www.google.co.sa www.google.com.pk *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; font-src 'self' data: use.typekit.net ; connect-src 'self' data: *.onetrust.com cdn.cookielaw.org *.analytics.google.com *.clarity.ms *.google-analytics.com stats.g.doubleclick.net bat.bing.com analytics.google.com www.google.co.uk www.google.ca www.google.co.sa www.google.com.pk api-js.mixpanel.com www.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; media-src 'self' ; form-action 'self' www.facebook.com; frame-src 'self' e.eltonjohnaidsfoundation.org facebook.com www.youtube.com tgbwidget.com www.giveamply.com r1.dotdigital-pages.com www.youtube-nocookie.com; worker-src 'self' blob: ; report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-UR_n3yIVxSQpXnaeePQrlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.zopim.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net js.klevu.com *.klarnacdn.net babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net *.klevu.com *.ksearchnet.com data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.instagram.com www.google.com js.stripe.com *.doubleclick.net www.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com tst.kaptcha.com www.paypalobjects.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cdninstagram.com 'self' data: www.google.co.uk *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.com *.googleapis.com *.ggpht *.zopim.com https://v2assets.zopim.io https://static.zdassets.com www.sagepay.co.uk js.klevu.com site-assets.afterpay.com babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net c.bing.com c.clarity.ms https://static.afterpay.com https://site-assets.afterpay.com/ validate.fishpig.co.uk *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com *.zopim.com *.zdassets.com chimpstatic.com widget.trustpilot.com www.googletagmanager.com fonts.googleapis.com www.gstatic.com googleads.g.doubleclick.net maps.googleapis.com js.klevu.com *.klarnaservices.com *.clarity.ms *.newrelic.com *.nr-data.net babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net https://browser.sentry-cdn.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.polyfill.io *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline fonts.googleapis.com maxcdn.bootstrapcdn.com *.typekit.net js.klevu.com *.klarnacdn.net babipur.co.uk www.babipur.co.uk cdn.babipur.co.uk static.babipur.co.uk p7014794.vo.llnwd.net static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com cdn.dnky.co webchat.dotdigital.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.analytics.google.com *.facebook.com *.facebook.net www.google.co.uk www.apptrian.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com www.google.com www.googleadservices.com adservice.google.com *.google-analytics.com https://static.zdassets.com https://ekr.zdassets.com wss://*.zopim.com stats.g.doubleclick.net www.facebook.com *.klarnaservices.com *.sandbox.braintree-api.com *.clarity.ms *.newrelic.com *.nr-data.net *.ingest.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.ingest.sentry.io *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src data: 'self' *.scality.com *.googleapis.com *.iubenda.com *.driftt.com *.googletagmanager.com *.licdn.com *.ads-twitter.com *.googleadservices.com *.google-analytics.com *.vimeo.com *.youtube.com *.facebook.net *.gstatic.com *.gravatar.com *.quora.com *.linkedin.com t.co *.twitter.com *.doubleclick.net *.google.com *.facebook.com *.linkedin.oribi.io 'sha256-S7YcB3YmyKIVSg36R+w7Tn+geIrh6AZFxpbmcKroGDg=' 'sha256-PcEZPcbpk5mW56Xu2LAHaoSbPvDjoWuEZFbBN14jxAc=' 'sha256-J3JwNDWlKTS/Oy0f91bqYzZXiNMJlQQ5lrG6D3li5AY=' 'sha256-wLdadQMuH1E8hsu2OILvVT8ua7uGd2doxK03P3/xGmA=' 'sha256-0VdufFu1s2zASIiyIPtnIWUHNhWyQjt2tRB0M01hZVU=' 'sha256-JXg14GX05InKvZots0/+mgHp5AdvjRCVDxvrgJoUSec=' 'sha256-VeWPTk9vbGfyr3pGfaAHXJ181TJCYPFvk4VP8yhTTUg=' 'sha256-0m31iOuh52QAavL07whpkl2F7EN8HXrMF/8y/dqS0vQ=' 'sha256-3Sxhuo5rUG35cp0lTVwSs8D53pm7fl26X35YwV1yn4k=' 'sha256-6U3HrORjchd++Tqis20/ph3MJVBsytcnIv6lVhAXYfU=' 'sha256-+fIejob1CS8FmACwUzNUlOcP4I08rPQcejJdqvYxY4c=' 'sha256-M3ibkOW2cxnSYYYws/gp/FZxT/57+O/av1moiAz6mQU=' 'sha256-2GhdhRdlYt6tOuAlvuvvdsQU+wrqsV0NqxrtCfJi2UE=' 'sha256-+aLPRy1XVSz3J4TB/q2GPhf14Z2bpiro19WK4oQJeKg=' 'sha256-pQnXMrCP6DP1ncPxrqVm6QIaZQaodvng1CHDoscicHM=' 'sha256-eCoyNhxRspOx4ECyGM0zql1JwuKcJn2WjYDn/rpwxIA=' 'sha256-NSAGkEgov3hrhcphYW4HEy+cJl5oN3/tgJw2RswlBPI=' 'sha256-thUPuyPBgftfzqrK9zROljkiP6ooABkfSZJ0pGxbKAY=' 'sha256-UR162uPYP1x+6dMjIP+TbfwXSZJgXGXXsxk3q0k9clY=' 'sha256-ZdToKcRSOkOVxoHbKvUQonI5B0I2CtOTT43NetlPUGI=' 'sha256-VqrnF4B4J9Y4bPMr7eFvVwQZZUT48w5WJm29LDfS7Dk=' 'sha256-kUqNmX3dAd7bOUSjjI1bJsNeBvJJSoO2FS1cQjpx0RM=' 'sha256-JUE0pc2n0qShUiiq4ulRENWsptInXFLjSpt7nEelSKA=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-gdCeG+kazELZgGBydDcwj/I9WSVcnuulGRLBKEbrCbE=' 'sha256-IKyiNFFuXgqmDjK/Unu35jh1lB99VN2VnDvdhCaDhWE=' 'sha256-RwQfjtzf3Ih0DjLHZUbaYagYot31lS72DDhWhYmMuL0=' 'sha256-KEMQgsmBZVONo9OBVidkBwbGh4v3OOXJyAoFF18XbCY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-tPvh7doUi0lDKt5OkvO6j+s8dK6600doKgDV2IJ36yk=' 'sha256-KX9Zx/fXXCaJAzFXDTFW4ENmeP8Jq2LxQrobOOpgfuk=' 'sha256-pqAEMQsYFpdtHRzLzUMWT2SnyQzprSXXr41BB7+lCCI=' 'sha256-MLdVrjdZHgEp8CGCjYxtlCWCUg6jXwLy05kD/z9fIwY=' 'sha256-tibLUQIAG1knTc3WnRWghMjMtuOXrcIOXTr+edU3iQY=' 'sha256-n5YXRz7/dqOa/Z37gA5/FEIkuqjzxZgJL93Zjfp837k=' 'sha256-Q79vKoiPq4dadtPwJP5UZmwV/mKyRrBwguHaZFqgKSw=' 'sha256-e2KHzxrHN7Jy45N99R3cYfdBIjwjCO7k3t5wZMlgd3k=' 'sha256-QZDyxPJfmjTLv9uS+RolNZVw13PvfP+XySTiJK2Hd1k=' 'sha256-r7KyHynNXX/FtjqOoC7OlklgO55joq+lWSfFCDReHuc=' 'sha256-O44lw/3Yla0V4BTnJF7iSvPMz1uzpwiL/HZOkLwE3Gw=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-EwX6gzn3K/AeBvzO5uSU+LH3xuXvwiUguSK5J/jTMxg=' 'sha256-anQSeQoEnQnBulZOQkDOFf+e6xBIGmqh7M8YFT992co=' 'sha256-FiXrNyBvQSECgXpNHPIUt/8VzFRXqKiJpL80Dii0+PE=' 'sha256-2IwPEMjJnsBeA41htP8iL8dfL3a8+NVVDrwS18/ZowA=' 'sha256-aOggrqKZ9AZdAuZq31nYbjzM+50q6I+8ZxS2a52KYnY=' 'sha256-3yUOeBSNLmVLhzy2cTlZmdtRJQXWLxSA/E51SOwjSTI=' 'sha256-zv+TlpbzRb3Mm2i/fg38u37hwyICCDAXKdInm5tUZdE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7+RUsEnrg3YXE5XMVugbQn9leiM/TETGCsi60nZliGc=' 'sha256-oZlf01l5AdP+mIMheGjoxTgv3GQW5Ku11J+uuuA1VFk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-kdtIyak/d3OLQkJ/Refi3mhA0zyTNXnD/AF04Z/Sgig=' 'sha256-Rhg3S7wrfZRL4kPMCUfn+OAMuaFo9fLNxOpTHqgeXes=' 'sha256-4hbsAQxnipvl0oUUMnfZcJUGqp94jY9wPnzK9ZaegP8=' 'nonce-xyz123' 'sha256-sew3KwAFRzWIaGqE4C10PXrgRzJxUWookBCOBUj97bU=' 'sha256-6HEDi6GJaW/mlKuRC3TymdISjIBvkhwFx0Rt5LNlQyw=' 'sha256-Kjj/Tex7ueRnuRcn1JsMfxIjuqhUBxCeJsUKrjTibO0=' 'sha256-VXxek2LFMTbBVb+Ls08iTNUOeDK68BBUPaImx9rZnJY=' 'sha256-xyCqk4W4s5GMDEhPNFf0gOlJhi5oJz1dxiXWL+cO3Q4=' 'sha256-xyCqk4W4s5GMDEhPNFf0gOlJhi5oJz1dxiXWL+cO3Q4=' 'sha256-tWNTSBfhUX/Wbg48n9e794BNXT85bNKNcJw+c2HFGSM=' 'sha256-ut4e1ECCP1dXMQZH+jAZGmqAZFVkixfJlMzoaw/S3NQ=' 'sha256-sEQPLWreW1n3Ho8iPrlZL2SFfWhkAm7J41LJOF14Dq8=' 'sha256-m05CS2Z6VnNwZwwGWdDb5FjRykCe5MmsYyWdgLlHnK4=' 'sha256-tRLB+r1Nq6mUWmo/92S3NU8PuSJXY+Mj+XDi9rsLJi4=' 'sha256-24ZMYejT55x08h0seZwIQRZbYOGNg8xrWF12SooBneA=' 'sha256-AUVV1IGGp0mXp///jysrVeiRm/OhzupXuSQaLDlH54o=' 'sha256-5/nq0b2Krxp6A3IwhKuzxL/Ox5WYKFZd/eYRAPb5pJk=' 'sha256-sEQPLWreW1n3Ho8iPrlZL2SFfWhkAm7J41LJOF14Dq8=' 'sha256-2AIAcI7UH9jAH7ttbugLVt/w+Vjg4Rd+Ner6diekjMw=' 'sha256-TENBHYYb7z4gHGlsrrJcHxCh6evPlmHuDVfq+/llhag=' 'sha256-Uyam2daOqhX5aHFAU9O0GqBh01j5KKVa6lMhcCG2cxA=' 'sha256-RZuh6GlSBc8sVHOTLV1gJG4XyTZOvBd96Y6WMCSbEb8=' 'sha256-dWnqhgDHngfouJiYSI6KOX2u2WSgOVFrVCyQ9eQZrZ4=' 'sha256-mdQ9lWCRmmVVN867uLdZycpVpmc2y/u7HFHoWkHry5c=' 'sha256-2qtLvTsILqB5ruu5OTcT0erYo1CM4arx4Ms+NMRfSVo=' 'sha256-2tljRLkDPUbB6+9s+CRj3yaI2DkeQ6sLh4a535TP03M=' 'sha256-Uud6QBR3pyG4elp+6a25GhdUWzamIaPg/7kEX1nJdD4=' 'sha256-J48fieUc1gILr/kl45ayILKRISMXLjKs2IeskRq0xW4=' 'sha256-bgmFfv4ubmtPYF8pm1tM22f0K0enf4RZ/ErbBEUGV7I=' 'sha256-ctAkYNLFto3HXvJ4ST6H4AViU1adsJ7Dw+vkTsqu3c4=' 'sha256-ffQTZFwS2PLDM5khJjzdO2zC5qfSSDENXh8zkfttVro=' 'sha256-5CCsrnVHVt8lxhSHYu/xmUn3vH/1lBmu5KQxXemaGd0=' 'sha256-ryTlN144pQ2ggsAEe1nWUa+5jVaoPCUG3OJ2n+8d/9E=' 'sha256-5hFIvTIXZutqOJSvgF2Yv77sn5FYHYe5YfSGtSkLDL4=' 'sha256-Y2u6exBdsyFf+LFYV4q4sU5x+/YMTS3266ZsoSDKgnY=' 'sha256-xDbnxoin2Z6D83qQOQ1AsRKhuYpRWkoNXC3N6GevTw8=' 'sha256-8ISywp2eygEzrIYHy/8nIt0wvRtAE1Q8Wc4Wfi25jZA=' 'sha256-0EdKgb+0FBwFiTrrWH3iyc4WMTtfWLQxAQS2xjn7+Fc=' 'sha256-6s2PqI37j91L+08TXHRjCgWDXXup6kkbHMxO7c/zU9M=' 'sha256-dmcT1NqHe+C7ZubomRN86W0vZydU1wfCLwJuco1AQFE=' 'sha256-LDK4IDbsSoNpLWDDSRsgE6+wNN9DRwsFCsIqj9uLVo0=' 'sha256-0Yi7kRUMdrQx4EBKr1eJ94FiT0tajBF7w4p+p4qk/II=' 'sha256-LDK4IDbsSoNpLWDDSRsgE6+wNN9DRwsFCsIqj9uLVo0=' 'sha256-6jFprU2dZ2iovHnfcIFbd/JXht/pXa/wUYdy96Dc7I8=' 'sha256-uTGGlhIqb4uh/K39FAetN+VET6m9vVLzwphPivM/Dek=' 'sha256-uTGGlhIqb4uh/K39FAetN+VET6m9vVLzwphPivM/Dek=' 'sha256-LDK4IDbsSoNpLWDDSRsgE6+wNN9DRwsFCsIqj9uLVo0=' 'sha256-b70FazHzC4MkhJDzJFFYRGYvOcaGfV90vJmRAnRSq/k=' 'sha256-b70FazHzC4MkhJDzJFFYRGYvOcaGfV90vJmRAnRSq/k=' 'sha256-vD8nXs4MbtnYNbQoUgNeHZr+UiEdNpnXAB+Oy/iag1c=' 'sha256-MsOPo6tHG8zL+gswqgVz8U1v7C1jYsD55z6j07oZV2o=' 'sha256-tPbadijeJTDLgcqT5olBZ0adJEFG3EduhSW4/W1CWGQ=' 'sha256-MxcNZkUDYaw5X6fRdtPVYSphb3sr+1fU42Hr/UuIYSo=' 'sha256-pcOaZX6XrJPVpEuoepiFd9aQpNzaNrtLY8Gzq4/9XNY=' 'sha256-9pu/Sbu1DLddnETACRHQv0xjyHjsRNtfvMbFBH3iKLc=' 'sha256-9pu/Sbu1DLddnETACRHQv0xjyHjsRNtfvMbFBH3iKLc=' 'sha256-XeTS4fSvFlmS8NTm0hdUw6RsPEpSb+9j6D7yS03fWyY=' 'sha256-ktDhSNYfn064hgNhhnHhz/qEOuClhXGAEzZjWgFLIPE=' 'sha256-YOJtfjbRy8isCtqPG7386k/LoVdlPbyAfbb8/iwfaE0=' 'sha256-8riiyb2j1cQB8etJiOvAJ5QiZqFA0WA1Zdm3AScmY5c=' 'sha256-CiPKW6viwd1BhJys4a3U5kG0sFhvGa/oYEpEO6UIHnw=' 'sha256-2mL/XhW3jpMEddG2GPE+UxXSFzLxy+b3lQHoxNyPUXU=' 'sha256-Hb5mVaBGDzWSSyTs3zqPIADQiGNL25chOEpJ437JO0c=' 'sha256-eIpvDRdzmNFlJNyZhRuhhB0pyFiAwR2rIXYuqK5GNqk=' 'sha256-8riiyb2j1cQB8etJiOvAJ5QiZqFA0WA1Zdm3AScmY5c=' 'sha256-pMop3HAIcocQLlp+DSdxQvNZ8GwN29ZZLrBMyHhz+OE=' 'sha256-DSSLnbjJTKfoXNmBRyLQP7Sgn/M9WkNnj+0Cdl8aXYQ=' ; style-src 'self' *.iubenda.com *.googleapis.com *.scality.com 'unsafe-inline' ; 1 default-src 'self' *.vbw-bayern.de vbw-bayern.de; script-src 'self' 'unsafe-inline' https://*.etracker.com https://*.etracker.de https://*.vimeo.com https://api.signalize.com *.vbw-bayern.de vbw-bayern.de; style-src 'self' 'unsafe-inline' *.vbw-bayern.de vbw-bayern.de; img-src 'self' data: https://*.vimeo.com https://*.vimeocdn.com *.vbw-bayern.de vbw-bayern.de; frame-src 'self' https://*.vimeo.com *.vbw-bayern.de vbw-bayern.de; font-src 'self' data: *.vbw-bayern.de vbw-bayern.de; connect-src 'self' https://*.etracker.com https://*.etracker.de *.vbw-bayern.de vbw-bayern.de; form-action 'self' https://pdf.arbeitgeber.bayern *.vbw-bayern.de vbw-bayern.de; report-uri https://rest.baymevbm.de/apps/csp/report; report-to csp-endpoint 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.google-analytics.com www.2checkout.com connect.facebook.net www.google.com www.gstatic.com *.amazon-adsystem.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' data: librarika.com covers.librarika.com:8443 storage101.lon3.clouddrive.com *.ssl.cf3.rackcdn.com *.media-amazon.com *.ssl-images-amazon.com *.amazon-adsystem.com *.amazon.com *.gstatic.com *.google-analytics.com *.google.com; font-src 'self' data: fonts.gstatic.com; frame-src *.librarika.com www.2checkout.com *.facebook.com *.google.com *.amazon-adsystem.com *.youtube.com; connect-src 'self' www.google-analytics.com; object-src 'none'; report-uri https://5e5aa7c5f482dc373380fd2db250ce83.report-uri.com/r/d/csp/enforce 1 object-src 'none';base-uri 'self';script-src 'nonce-lsapNym_nYYYhB0NsNCkGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: content.etilize.com cdn.jsdelivr.net live.icecat.biz www.fastbase.com js.testfreaks.com *.paypal.com www.compsource.com media.flixcar.com *.twitter.com sdk.beeketing.com ws.cs.1worldsync.com bat.bing.com *.clarity.ms syndi.webcollage.net medals.bizrate.com a.sellpoint.net content.syndigo.com api.videoly.co cc.cs.1worldsync.com cdn.cs.1worldsync.com secure.trust-guard.com maxcdn.bootstrapcdn.com www.google-analytics.com *.vimeo.com www.affirm.com *.googlesyndication.com calculator.affirm.com *.cloudfront.net prod.flixgvid.flix360.io *.doubleclick.net seal-cleveland.bbb.org *.windows.net reseller.spexaccess.net www.googletagmanager.com i.ytimg.com *.googleapis.com objects.icecat.biz *.tawk.to event.webcollage.net code.jquery.com www.google.com apis.google.com unpkg.com *.gstatic.com api-cf.affirm.com cdn1.affirm.com event.syndigo.cloud www.youtube.com *.facebook.net newassets.hcaptcha.com gapi.beeketing.com use.fontawesome.com polyfill.io dapi.videoly.co img.youtube.com media.flixfacts.com tracker.affirm.com scontent.webcollage.net js.hcaptcha.com images.icecat.biz accounts.google.com fastbase.com cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net secure.gravatar.com cdn.cookielaw.org events.tryamped.com ws.sharethis.com cdn.honey.io *.criteo.com p.typekit.net *.gstatic.com analytics.google.com use.typekit.net *.hotjar.com churc11180.pcapredict.com *.googleusercontent.com *.online-metrix.net cddt3p.digitaltargetonline.com *.bazaarvoice.com *.tiktok.com content.hotjar.io tags.w55c.net ib.adnxs.com aacdn.nagich.com www.toppik.com www.google.com services.postcodeanywhere.co.uk adservice.google.com bat.bing.com data.amped.io *.omtrdc.net get.exitintel.com *.facebook.com www.youtube.com *.pinterest.com client-analytics.braintreegateway.com imgs.signifyd.com t.mplxtms.com app.amped.io l.sharethis.com esp-m.aptrinsic.com *.onetrust.com amped-prod-uploadsc5d9e923-stnmnwldfzjn.s3.amazonaws.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src https://www.google.com https://maps.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.loterie.lu https://loterie.lu https://195.46.247.200 https://10.8.215.223 https://region1.analytics.google.com https://consent.cookiebot.com; font-src data: https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://10.8.215.223 https://fonts.gstatic.com https://region1.analytics.google.com 'unsafe-inline' 'unsafe-eval'; script-src https://maps.google.com https://maps.googleapis.com https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://10.8.215.223 https://region1.analytics.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' https://maps.google.com https://maps.googleapis.com http://fonts.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://region1.analytics.google.com https://10.8.215.223; object-src https://maps.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://region1.analytics.google.com https://10.8.215.223; img-src https://maps.googleapis.com https://www.google.com https://www.google.pl https://maps.gstatic.com https://stats.g.doubleclick.net https://www.loterie.lu https://loterie.lu https://consent.cookiebot.com https://195.46.247.200 https://10.8.215.223 https://region1.analytics.google.com https://www.google-analytics.com data:; frame-src https://www.saferpay.com https://maps.google.com https://maps.googleapis.com https://consent.cookiebot.com https://www.loterie.lu https://region1.analytics.google.com https://loterie.lu; upgrade-insecure-requests; 1 font-src https://use.fontawesome.com https://fonts.gstatic.com https://staticw2.yotpo.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com https://www.googletagmanager.com/ https://www.youtube.com https://vars.hotjar.com yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://bat.bing.com https://*.g.doubleclick.net https://www.google.com *.yotpo.com *.kaltura.com https://www.facebook.com store.paradoxlabs.com yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://r2-t.trackedlink.net https://www.googletagmanager.com https://bat.bing.com https://static.trackedweb.net https://beacon-v2.helpscout.net https://connect.facebook.net https://www.google.com https://cdnapisec.kaltura.com https://www.gstatic.com https://staticw2.yotpo.com https://*.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net *.authorize.net yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://staticw2.yotpo.com yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://beacon-v2.helpscout.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.cloudfront.net https://r2.trackedweb.net *.yotpo.com https://*.hotjar.com https://www.google-analytics.com https://*.g.doubleclick.net *.authorize.net jstest.authorize.net yotpo.com p.yotpo.com loyalty.yotpo.com cdn-swell-assets.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com swellrewards.com cdn.swellrewards.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-src *.youtube.com 1 default-src 'self'; connect-src 'self' ddaudio.com adservice.google.com listgrowth.ctctcdn.com pro.ip-api.com properties stats.g.doubleclick.net facebook.com www.google-analytics.com google-analytics.com maps.googleapis.com translate.googleapis.com google-analytics.com ad.doubleclick.net www.google.com analytics.google.com; font-src 'self' ddaudio.com use.typekit.net fonts.gstatic.com; frame-src 'self' ddaudio.com www.facebook.com www.google.com www.youtube.com www.googletagmanager.com td.doubleclick.net; img-src 'self' data: android-webview-video-poster ddaudio.com ddaudio.me www.facebook.com i.ytimg.com static.ctctcdn.com static.cloudflareinsights.com ad.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com adservice.google.com maps.gstatic.com maps.googleapis.com translate.google.com www.googletagmanager.com www.gstatic.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; media-src 'self' data: ddaudio.com www.youtube.com; script-src-elem 'self' ddaudio.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.googleadservices.com static.cloudflareinsights.com cdnjs.cloudflare.com googleads.g.doubleclick.net maps.googleapis.com static.cloudflareinsights.com static.ctctcdn.com www.google.com www.gstatic.com; script-src 'self' ddaudio.com connect.facebook.net static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' ddaudio.com p.typekit.net static.ctctcdn.com use.typekit.net fonts.googleapis.com; style-src 'self' 'unsafe-inline' ddaudio.com googleads.g.doubleclick.net static.ctctcdn.com www.google.com www.gstatic.com maps.googleapis.com static.cloudflareinsights.com p.typekit.net use.typekit.net; object-src 'none'; report-uri https://ddaudio.report-uri.com/r/d/csp/wizard 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-TFlxZJOhRdV2MpJ1Qu5engmzPRH/5ney2QPkN9ZJgLY='; base-uri 'self';report-to csp-endpoint 1 font-src fonts.gstatic.com use.typekit.net images.latitudepayapps.com imageapi.magebinary.co.nz *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.google.com *.braintreegateway.com *.google.com https://*.facebook.com *.doubleclick.net *.shophumm.com.au *.criteo.com *.hotjar.com *.adsrvr.org *.freshchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klevu.com *.cloudflare.com https://cdn.klarna.com *.paypal.com *.afterpay.com *.cloudfront.net https://*.paypal.com *.nextopia.net https://*.zipmoney.com.au https://*.facebook.com *.data-dynamic.net images.latitudepayapps.com *.godfreys.com.au *.feefo.com *.google.com *.google.com.au *.googletagmanager.com.au *.googletagmanager.com *.gstatic.com *.googleapis.com *.bing.com *.criteo.com *.bluekai.com *.socdm.com *.krxd.net *.pubmatic.com *.outbrain.com *.mediavine.com *.aralego.com *.aralego.net *.smaato.net *.clmbtech.com *.yieldmo.com *.emxdgt.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.yahoo.com *.casalemedia.com *.dable.io *.adingo.jp *.stickyadstv.com *.rlcdn.com *.3lift.com *.360yield.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.forter.com *.cloudfront.net *.openpay.com.au https://js-agent.newrelic.com https://oc-library.playground.klarnaservices.com/lib.js images.latitudepayapps.com *.bing.com *.criteo.com *.facebook.net *.mytopia.com.au *.google.com *.googleoptimize.com *.cfjump.com *.freshchat.com *.zip.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com www.xtento.com cdn.xtento.com static.zipmoney.com.au zip.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com downloads.mailchimp.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ https://js.klevu.com/klevu-css/* *.klevu.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.ecomm-nav.com https://*.zipmoney.com.au *.nextopiasoftware.com https://*.facebook.com https://*.safelinks.protection.outlook.com/ *.zdassets.com *.barilliance.com *.barilliance.net *.newrelic.com *.nr-data.net data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net *.nextopia.net *.cloudfront.net *.freshchat.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.io *.algolianet.com *.insights.algolia.io *.cloudfront.net *.forter.com *.zipmoney.com.au *.zip.co *.criteo.com *.googlesyndication.com *.facebook.com *.googleapis.com *.afterpay.com *.qrtags.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-7F2Uq1vk5KdTeJDTxaWsB+r/yvO3Z24++OMmL6Dk+AY='; base-uri 'self';report-to csp-endpoint 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.eands.com.au https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.eands.com.au 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://www.google.com *.doubleclick.net *.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.eands.com.au *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.eands.com.au *.newrelic.com *.nr-data.net *.googleapis.com *.criteo.net *.criteo.com https://www.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.eands.com.au *.typography.com unsafe-inline 'self' 'unsafe-inline'; object-src *.eands.com.au 'self' 'unsafe-inline'; media-src *.adobe.com *.eands.com.au 'self' 'unsafe-inline'; manifest-src *.eands.com.au 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com thm.visa.com *.eands.com.au *.nr-data.net *.newrelic.com *.googleapis.com https://ipinfo.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src *.eands.com.au assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.eands.com.au *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.facebook.net *.gstatic.com *.typekit.net *.twimg.com *.hotjar.com *.trustedshops.com *.googleapis.com *.magentocommerce.com *.paypal.com *.cardinalcommerce.com *.authorize.net *.fontawesome.com *.trusturk.com *.jivosite.com *.dia.com.tr *.googletagmanager.com *.google-analytics.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.useinsider.com *.licdn.com *.gurgencler.com *.linkedin.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.google.com *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ *.twitter.com *.google.com *.gstatic.com *.hotjar.com *.google.com.tr *.veinteractive.com *.demdex.net *.solocpm.com *.facebook.com *.facebook.net *.addthis.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.doubleclick.net *.bluekai.com *.useinsider.com *.trusturk.com *.jivosite.com *.dia.com.tr node-eu1-b-1.jivosite.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com wss://chat-eu1-2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.hotjar.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.magentocommerce.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.doubleclick.net *.google.com *.google.com.tr *.facebook.com *.facebook.net *.demdex.net *.everesttech.net *.googleapis.com *.gstatic.com *.adis.ws *.livechatinc.com *.yandex.ru *.adyen.com *.setrowid.com *.setrow.com *.instagram.com *.useinsider.com *.googletagmanager.com *.trusturk.com *.jivosite.com *.dia.com.tr *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.mobilexpress.com.tr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.magentocommerce.com *.paypal.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.instana.io *.google.com *.google.com.tr *.googletagmanager.com *.veinteractive.com *.facebook.net *.supert.ag *.setrowid.com *.mainadv.com *.doubleclick.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.livechatinc.com *.yandex.ru *.adyen.com *.vimeo.com *.jsdelivr.net *.setrow.com *.instagram.com *.criteo.com *.criteo.net *.ciritizr.com *.bkrtx.com *.cloudfront.net *.useinsider.com *.critizr.com *.behance.net *.swagger.io *.trusturk.com *.gurgencler.test *.dia.com.tr *.jivosite.com *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.mobilexpress.com.tr js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.facebook.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.magentocommerce.com *.fontawesome.com *.paypal.com *.paypalobjects.com *.hotjar.com *.cardinalcommerce.com *.authorize.net *.omtrdc.net *.newrelic.com *.setrowid.com *.setrow.com *.critizr.com *.useinsider.com *.adobedtm.com *.google-analytics.com *.googletagmanager.com *.swagger.io *.jivosite.com *.dia.com.tr *.trusturk.net *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.trusturk.com *.jivosite.com *.dia.com.tr node-eu1-b-1.jivosite.com *.paypal.com *.googletagmanager.com *.google-analytics.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.doubleclick.net *.mncdn.com *.speedsize.com *.useinsider.com *.licdn.com *.gurgencler.com *.linkedin.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.cloudflare.com *.google-analytics.com *.doubleclick.net *.twitter.com *.facebook.com *.facebook.net *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.twimg.com *.magentocommerce.com *.cardinalcommerce.com *.cardinalcommerce.net *.veinteractive.com *.demdex.net *.yandex.ru *.vimeo.com *.setrowid.com *.setrow.com *.useinsider.com *.adobedtm.com *.swagger.io *.trusturk.com *.jivosite.com *.dia.com.tr *.googletagmanager.com *.gurgencler.test *.creativecdn.com https://creativecdn.com wss://chat-eu1-2.jivosite.com wss://vi-ya3.jivosite.com wss://vi-ya2.jivosite.com *.segmentify.com *.mncdn.com *.speedsize.com *.licdn.com *.gurgencler.com *.linkedin.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-1N5k6y2phYMpkZ-knCAWXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.yotpo.com *.googleapis.com *.gstatic.com images.latitudepayapps.com imageapi.magebinary.co.nz *.fontawesome.com maxcdn.bootstrapcdn.com *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.paypal.com *.zendesk.com *.tiktok.com cdnjs.cloudflare.com zip.co *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.facebook.com facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk www.xtento.com *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://secure.tillpayments.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.zipmoney.com.au *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com *.facebook.com facebook.com *.paypalobjects.com paypalobjects.com *.kaptcha.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.googleapis.com *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.zendesk.com *.tiktok.com cdnjs.cloudflare.com zip.co *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.yotpo.com cdn.lr-ingest.io https://cdn.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://gateway.tillpayments.com https://test-gateway.tillpayments.com https://secure.tillpayments.com static.zipmoney.com.au zip.co js-agent.newrelic.com bam.nr-data.net trx-cdn.zip.co static.zip.co api.instagram.com googleads.g.doubleclick.net *.instagram.com *.barilliance.com *.barilliance.net *.googleapis.com *.azureedge.net *.servicebus.windows.net *.zdassets.com *.zopim.com *.facebook.net *.rakuten.com *.pinimg.com cdnapisec.kaltura.com widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.zendesk.com *.tiktok.com cdnjs.cloudflare.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com https://static.klaviyo.com *.yotpo.com *.googleapis.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com static-tracking.klaviyo.com 'self' 'unsafe-inline'; object-src widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com 'self' 'unsafe-inline'; media-src *.cdninstagram.com *.amazonaws.com *.data-dynamic.net *.blob.core.windows.net *.jameslane.com.au *.googleapis.com *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.typekit.net *.zopim.com *.facebook.com *.facebook.net *.google.com *.zipmoney.com.au *.paypalobjects.com widget-mediator.zopim.com *.hotjar.com *.srv.stackadapt.com 'self' 'unsafe-inline'; manifest-src widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://gateway.tillpayments.com https://test-gateway.tillpayments.com wss://widget-mediator.zopim.com bam.nr-data.net trx.sandbox.zip.co api.instagram.com stats.g.doubleclick.net analytics.google.com *.instagram.com *.barilliance.com *.barilliance.net *.googleapis.com *.gstatic.com *.azurewebsites.net *.azureedge.net *.servicebus.windows.net *.zdassets.com *.zopim.com *.amplitude.com *.hotjar.io trx.zip.co widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com *.latitudefinancial.com *.latitudepayapps.com *.lfscnp.com *.zendesk.com *.tiktok.com cdnjs.cloudflare.com zip.co *.zipmoney.com.au *.edge.zip.co *.afterpay.com *.google.com.ua *.cloudfront.net *.preezie.com *.pinterest.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri widget-mediator.zopim.com *.jameslane.com.au *.hotjar.com *.srv.stackadapt.com 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.bazaarvoice.com azcd.joycemayne.com.au secure.checkout.visa.com media.flixcar.com joycemayne.resultspage.com api.zipmoney.com.au www.google.com static.zipmoney.com.au bam.nr-data.net *.omtrdc.net *.googlesyndication.com assets.resultspage.com www.google-analytics.com *.doubleclick.net assets.adobedtm.com *.facebook.com *.gstatic.com www2.joycemayne.com.au *.facebook.net rt.flix360.com *.freshchat.com edge.fullstory.com api.ipstack.com www.googletagmanager.com www.harveynorman.com.au rs.fullstory.com adservice.google.com *.imgix.net www.pages07.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com sdkm.gwbq.fr *.twitter.com *.gstatic.com *.typekit.net https://fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.adyen.com *.twitter.com *.google.com *.pinterest.com *.addthis.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.snapwidget.com static.addtoany.com gum.criteo.com lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.openstreetmap.org maps.googleapis.com maps.gstatic.com *.adyen.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypal.com *.twitter.com *.google.com *.google.fr *.instagram.com *.facebook.com *.facebook.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net axeptio.imgix.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro * https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.adyen.com cdn.ampproject.org raw.githubusercontent.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com sdkm.gwbq.fr *.twitter.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.fr *.gstatic.com *.trustedshops.com *.fontawesome.com static.addtoany.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com *.googleapis.com *.facebook.com *.facebook.net graph.instagram.com widgets.pinterest.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.axept.io lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro gum.criteo.com * *.moatads.com *.pinterest.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.cloudflare.com sdkm.gwbq.fr *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro *.addtoany.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.adyen.com cdn.ampproject.org *.cloudflare.com sdkm.gwbq.fr *.gstatic.com *.pinterest.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.paypal.com *.twitter.com *.google.com *.google.fr *.instagram.com *.doubleclick.net media.lepetitsouk.fr static.lepetitsouk.fr d3gbdgnfs9ulge.cloudfront.net *.axept.io lepetitsouk.piwik.pro lepetitsouk.containers.piwik.pro gum.criteo.com static.addtoany.com *.facebook.com *.facebook.net http://dpm.demdex.net *.addthis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' *.healius.com.au cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com unpkg.com 'nonce-2726c7f26c' 'nonce-2726c7f261' 'nonce-2726c7f262';style-src 'self' *.healius.com.au fonts.googleapis.com;font-src 'self' *.healius.com.au fonts.googleapis.com fonts.gstatic.com;img-src 'self' *.healius.com.au cdn.cloudflare.com;frame-src 'self' *.healius.com.au;media-src 'self' *.healius.com.au;object-src 'none';child-src 'none';worker-src 'none';manifest-src 'none';prefetch-src 'none';connect-src 'none';navigate-to *.healius.com.au *.live.com *.microsoftonline.com login.microsoft.com;form-action *.healius.com.au *.live.com *.microsoftonline.com login.microsoft.com;default-src 'self' *.healius.com.au; 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.ua https://www.myheritage.com.ua 'unsafe-eval' 'nonce-1d1098d2f72066d99f99a8bedb5bce9c' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.ua;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-X4R2VaII9B2aeYI3U3ALma5X8jWhxHBz'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1 object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-eAwzVJYwUAa7mcYe030VUqZCJq3P86lS'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1 font-src *.fontawesome.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.vimeocdn.com s.ytimg.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.amazonaws.com *.cloudfront.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: js.hcaptcha.com cdn.contentful.com geoip-js.maxmind.com newassets.hcaptcha.com *.gstatic.com images.ctfassets.net ssl.kaptcha.com www.googletagmanager.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: ;frame-ancestors 'self'; report-uri /csp-violation-report-endpoint/ 1 font-src *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.hubspot.com *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com media.sezzle.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.gstatic.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.freshchat.com *.googleapis.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com s7.addthis.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com https://static.klaviyo.com *.freshchat.com fonts.googleapis.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.googleapis.com thm.visa.com ekr.zdassets.com/ https://www.google-analytics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca t.elasticsuite.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://sis-t.redsys.es:25443 https://sis.redsys.es 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://sandbox.sequracdn.com https://live.sequracdn.com *.trustpilot.com *.cookiebot.com *.google.es https://sis-t.redsys.es:25443 https://sis.redsys.es https://sandbox.sequrapi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com *.google.es *.cookiebot.com media.tuandco.com mcusercontent.com janus.r.jakuli.com *.connectif.cloud https://sis-t.redsys.es:25443/sis/redsys-modal/graphics/close.png https://sis.redsys.es/sis/redsys-modal/graphics/close.png https://www.redsys.es/img/logo.png http://www.redsys.es/img/logo.png https://acceso.redsys.es/* data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://sandbox.sequracdn.com https://live.sequracdn.com *.trustpilot.com bam.nr-data.net *.cookiebot.com *.helpscout.net https://s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js www.clarity.ms *.connectif.cloud https://sis-t.redsys.es:25443 https://sis.redsys.es https://sandbox.sequrapi.com/assets/sequra_form-a9d97903ef99eefd5aa46c15bf2f4758dfda195f84d19461eccb67cff852d007.js https://live.sequrapi.com/assets/sequra_form-a9d97903ef99eefd5aa46c15bf2f4758dfda195f84d19461eccb67cff852d007.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com https://sis-t.redsys.es:25443/sis/redsys-modal/css/redsys-modal.css https://sis.redsys.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://sandbox.sequracdn.com https://live.sequracdn.com *.googlesyndication.com *.clarity.ms *.cookiebot.com bam.nr-data.net *.g.doubleclick.net https://invitejs.trustpilot.com *.connectif.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src www.searchanise.com *.searchserverapi.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com *.gstatic.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.google.com *.sagepay.com *.facebook.com *.arcot.com *.securesuite.co.uk *.mycardsecure.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.wlp-acs.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; frame-ancestors *.facebook.net www.factory-direct-flooring.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com *.stripe.com *.google.com *.sagepay.com *.hotjar.com *.facebook.com *.addthis.com *.arcot.com *.securesuite.co.uk *.pinterest.com *.mycardsecure.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.facebook.net *.bing.com *.pinterest.com *.google.co.uk *.gstatic.com *.limely.co.uk *.gravatar.com *.googletagmanager.com *.postcodeanywhere.co.uk *.addthis.com *.factory-direct-flooring.co.uk *.carpetworlduk.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.factory-direct-flooring.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cardinalcommerce.com *.googletagmanager.com *.facebook.net apis.google.com cdn.livechatinc.com *.hotjar.com *.bing.com *.pinimg.com *.pcapredict.com *.postcodeanywhere.co.uk *.pinterest.com *.addthis.com *.addthisedge.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.com *.google.com downloads.mailchimp.com *.sagepay.com https://static.klaviyo.com *.googleapis.com *.postcodeanywhere.co.uk *.gstatic.com *.fontawesome.com unsafe-inline assets.braintreegateway.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.amplitude.com stats.g.doubleclick.net *.stripe.com *.google.com *.paypal.com *.sagepay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.cardinalcommerce.com *.googleapis.com *.pinterest.com *.hotjar.com wss://*.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.postcodeanywhere.co.uk *.facebook.com *.doubleclick.net *.bing.com *.addthis.com *.reviews.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com google.com www.factory-direct-flooring.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.factory-direct-flooring.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.factory-direct-flooring.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://factorydirectflooring.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com applepay.cdn-apple.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com api.payplug.com secure.payplug.com *.google.com *.cookiebot.com *.facebook.com *.google.it *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ quickchart.io img.youtube.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.pl *.google.it *.google.com *.google.nl *.googleapis.com *.gstatic.com *.gh-stores.com *.facebook.com *.facebook.net *.atdmt.com *.adobedtm.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ pay.google.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.google.com *.cookiebot.com *.stripe.com *.googleapis.com *.facebook.net *.cloudflare.com cdn.scalapay.com b2c-cdn.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com unsafe-inline *.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google.pl *.google.it *.google.com *.google.nl *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.cookiebot.com *.nr-data.net *.facebook.com *.scalapay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';object-src 'none'; base-uri 'none'; connect-src 'self' *.zorgdoc.nl; report-uri https://sentry.zorgdoc.nl/api/11/security/?sentry_key=710eec7163c34959bcfe36be5404c07a 1 object-src 'none';base-uri 'self';script-src 'nonce-aOxqp-GmR-06Pv7dnzuILQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.twitter.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com *.twitter.com *.trustpilot.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.awin1.com *.zenaps.com https://network-eu-stg.bazaarvoice.com/st.gif https://network-eu-stg.bazaarvoice.com/sid.gif *.ometria.com/track/v3/aa4288966067f9b9/event.gif *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.sandbox.paypal.com t.paypal.com www.youtube.com polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com s7.addthis.com https://network-eu-stg.bazaarvoice.com/id.json *.ometria.com/tags/aa4288966067f9b9.js *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://the.sciencebehindecommerce.com ekr.zdassets.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-2KACHkVf7S1D5L2piVPXbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'unsafe-hashes' 'sha256-5lSQFTOMNNoGBLbrC6eUxpYeuyBQW52hLO9rR85ASEA=' https: http: 'nonce-toeZDNkXymb34miNGeN9t4Af4MnWGRyNO0WKfXB5dF4=' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';object-src 'none';frame-ancestors 'none';base-uri 'none';report-uri /api/csp-report 1 font-src *.cookiefirst.com *.azureedge.net *.google-analytics.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cetelem.es *.cookiefirst.com *.facebook.com *.google-analytics.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.weltpixel.com *.oct8ne.com *.cookiefirst.com *.facebook.com *.google-analytics.com *.googleapis.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.google.es *.facebook.com *.azureedge.net *.google-analytics.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.sharethis.com *.cookiefirst.com *.facebook.net *.hotjar.com *.adobedtm.com *.oct8ne.com *.google-analytics.com *.googleapis.com wss://ws.hotjar.com landofcoder.com *.mgt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es *.cookiefirst.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.saleago.com *.google.com *.cookiefirst.com *.hotjar.io *.hotjar.com *.oct8ne.com *.facebook.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.googleapis.com landofcoder.com https://get.geojs.io *.mgt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-4VQcGgpR3t2WMA0uX-AzWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.a8b.co 1 default-src 'self'; script-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; script-src-elem 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' http://static.ads-twitter.com https://sc.lfeeder.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://tagmanager.google.com https://www.googletagmanager.com https://*.clearbitjs.com https://*.licdn.com http://*.facebook.net https://*.adroll.com https://*.crazyegg.com https://www.clarity.ms http://*.bing.com https://*.bing.com http://*.hs-scripts.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.sa-as.com https://*.cloudfront.net https://www.redditstatic.com; img-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://www.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://*.google.com https://*.clearbitjs.com https://*.hsforms.net https://*.adsymptotic.com https://*.linkedin.com https://*.lfeeder.com https://*.cloudfront.net https://track.hubspot.com https://q.quora.com https://*.sa-as.com https://*.reddit.com https://*.bing.com; connect-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://cs.lf-discover.com wss://visitors.live wss://in.visitors.live https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.leadinfo.net https://d.adroll.com https://*.clarity.ms https://*.crazyegg.com https://*.luckyorange.net https://*.hubapi.com https://*.hubspot.com https://*.hsforms.com https://minio.ghost.io; style-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://*.cloudfront.net http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://fonts.gstatic.com; object-src 'none'; media-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://*.cloudfront.net; frame-src 'self' 'nonce-25b3682adfe1fbbacf23dda8c10be3d51982c4b72e62af91c9890fd102434e21' https://bid.g.doubleclick.net https://www.google.com/ https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.ioframe-ancestors 'self' https://*.hubspot.com http://minio.lookbookhq.com https://minio.lookbookhq.com http://minio.pathfactory.com https://minio.pathfactory.com http://resources.min.io https://resources.min.io 1 base-uri 'self';connect-src 'self' https://*.pdenroller.org https://*.authorize.net *.services.visualstudio.com *.service.signalr.net wss://*.service.signalr.net;frame-src https://*.authorize.net https://*.gstatic.com https://*.google.com;font-src data: https:;img-src data: https:;manifest-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' https://*.pdenroller.org https://*.authorize.net https://*.gstatic.com https://*.google.com 'nonce-3d54d40478c94979a9114d848514f978';style-src 'self' 'unsafe-inline' https://*.pdenroller.org https://*.gstatic.com https://*.google.com;report-uri https://api.pdenroller.org/log/csp 1 default-src 'self'; base-uri 'self'; connect-src 'self' about: api2.weltsparen.de 1752680588.rsc.cdn77.org *.google.com api.fbanalytics.org api.global-data-lab.com api.ultimateaderaser.com cdn.raisin.es ciuvo.com data: *.kaspersky-labs.com *.clarity.ms overbridgenet.com sdk-tracing.exponea.com tr.outbrain.com translate.googleapis.com w88p9x.com www.google.be www.google.ca www.google.cl www.google.co.cr www.google.co.jp www.google.co.mz www.google.co.uk www.google.com.ar www.google.com.bo www.google.com.br www.google.com.co www.google.com.do www.google.com.ec www.google.com.gt www.google.com.mx www.google.com.ni www.google.com.pa www.google.com.pe www.google.com.pr www.google.com.py www.google.com.sv www.google.de www.google.es www.google.fr www.google.hn www.google.it www.google.nl www.google.pt www.googletagmanager.com api2.raisin.com consent-api.service.consent.usercentrics.eu bat.bing.com *.google.com sdk-tracing.exponea.com service-proxy-logger-wfcmkywozq-ey.a.run.app www.facebook.com www.raisin.es api.raisin-pension.de collector.raisin.com region1.google-analytics.com stats.g.doubleclick.net pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com api.usercentrics.eu app.launchdarkly.com clientstream.launchdarkly.com ekr.zdassets.com events.launchdarkly.com privacy-proxy.usercentrics.eu raisin-api.exponea.com script.crazyegg.com bam.eu01.nr-data.net com-raisin-prod1.mini.snplow.net graphql.usercentrics.eu aggregator.service.usercentrics.eu raisin-es.zendesk.com api.weltsparen.de static.zdassets.com s3.eu-central-1.amazonaws.com auth.weltsparen.de *.clarity.ms; font-src 'self' about: fonts.gstatic.com cdn.raisin.es account.affilitizer.com chrome-extension moz-extension data: www.raisin.es cdnjs.cloudflare.com cdn.goin.cloud; frame-ancestors 'self'; frame-src 'self' tpc.googlesyndication.com www.facebook.com app.usercentrics.eu mozbar.moz.com notify.bluecoat.com www.googletagmanager.com td.doubleclick.net app.usercentrics.eu auth.weltsparen.de online-acquisition-pw-public-assets.s3.eu-central-1.amazonaws.com www.raisin.es www.youtube.com eu-app.contentstack.com; img-src *; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri /_/reports; script-src 'self' about: 'unsafe-inline' 'unsafe-eval' amplify.outbrain.com app.usercentrics.eu bat.bing.com connect.facebook.net conoret.com d1y068gyog18cq.cloudfront.net data1.eligrop.com data1.tatoflex.com data1.thetto.com *.kaspersky-labs.com js-agent.newrelic.com js.hs-analytics.net js.hs-banner.com mstat.acestream.net privacy-proxy.usercentrics.eu raisin-api.exponea.com sc-static.net script.crazyegg.com static.zdassets.com vwvwvwvw.b-cdn.net *.outbrain.com www.clarity.ms www.googleadservices.com www.googletagmanager.com *.raisin.es connect.facebook.net track.adform.net s2.adform.net bat.bing.com cdn.raisin.es d1y068gyog18cq.cloudfront.net www.google-analytics.com amplify.outbrain.com js.hs-scripts.com s.d.adup-tech.com webanalytics.btelligent.net js.hs-analytics.net connect.facebook.net js.hs-banner.com tr.outbrain.com blob: snap.licdn.com smct.co app.usercentrics.eu privacy-proxy.usercentrics.eu raisin-api.exponea.com static.zdassets.com www.googletagmanager.com js-agent.newrelic.com bam.eu01.nr-data.net script.crazyegg.com www.raisin.es cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' cdn.raisin.es js.hs-banner.com d.adup-tech.com cdn.jsdelivr.net fonts.googleapis.com translate.googleapis.com www.raisin.es cdnjs.cloudflare.com; worker-src 'self' blob: 1 font-src data: *.gstatic.com oct8necdneu.azureedge.net *.typekit.net *.stripe.com *.yotpo.com *.googleapis.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.vimeo.com *.oct8ne.com *.doubleclick.net *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com app-wallee.com *.weltpixel.com *.addthis.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.amazonaws.com *.cookielaw.org *.doubleclick.net *.spoteffects.net *.google.de *.google.ch *.google.lu *.google.com.ua *.bing.com *.monetate.net *.amorana.ch cdn.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com app-wallee.com *.ggpht https://img.youtube.com maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.sovendus.com *.klaviyo.com *.zendesk.com *.zdassets.com *.zopim.com *.mfgroup.ch *.cookielaw.org *.onetrust.com *.adform.net *.adt311.net *.spoteffects.net *.monetate.net *.bing.com *.clarity.ms cdn.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com app-wallee.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.klaviyo.com *.doofinder.com https://static.klaviyo.com *.yotpo.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.stripe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.sovendus.com *.zendesk.com *.zopim.com *.cookielaw.org *.onetrust.com wss://*.zopim.com/ *.googlesyndication.com/ *.mfgroup.ch *.doofinder.com wss://*.doofinder.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com app-wallee.com *.klaviyo.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.amazonaws.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarnaservices.com *.braintreegateway.com *.authorize.net *.cloudfront.net *.klarna.com js.mollie.com assets.braintreegateway.com pay.google.com * *.weltpixel.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net www.paypalobjects.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.postcodeanywhere.co.uk *.cloudflare.com *.zonos.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com assets.braintreegateway.com *.gstatic.com data: 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com includestest.ccdc02.com www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google.com *.feefo.com *.klaviyo.com *.cloudfront.net *.zonos.com *.clarity.ms *.hotjar.com *.cloudflareinsights.com *.bing.com *.pcapredict.com *.postcodeanywhere.co.uk *.klarna.com *.klarnacdn.net https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.klarnaservices.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' *.cardinalcommerce.com *.paypal.com; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.postcodeanywhere.co.uk *.klarnacdn.net https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com *.clarity.ms 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.paypalobjects.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dycdn.net wss://*.freshrelevance.com *.zonos.com *.klarnaevt.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline' *.cardinalcommerce.com *.paypal.com; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data: *.stripe.com *.google.com *.opayo.eu.elavon.com *.fontawesome.com *.gstatic.com 'self' data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors widget.reviews.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com *.google.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * widget.trustpilot.com lpcdn.lpsnmedia.net *.reviews.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.cloudflare.com *.mdoq.io *.ibottles.co.uk *.google.co.uk www.epicmilitaria.com s3-eu-west-1.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.stripe.com *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.twitter.com *.fontawesome.com *.liveperson.net *.trustpilot.com *.lpsnmedia.net widget.reviews.io epicm11112.pcapredict.com widgets.xsellco.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com *.cloudflare.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cloudflare.com stats.g.doubleclick.net widgets.xsellco.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-KgCWjvTTzXtvvCwO4xthsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors https://sdccd.instructure.com/ https://sdmiramar.edu http://sdmiramar.edu https://dev.loc http://dev.loc ^localhost$; report-uri /report-csp-violation 1 default-src *;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://ws.sharethis.com;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.bc0a.com cdn.b0e8.com *.shelterpoint.com www.shelterpoint.com infostage.shelterpoint.com netdna.bootstrapcdn.com code.jquery.com www.chromestatus.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com seal.digicert.com d2bnxibecyz4h5.cloudfront.net pi.pardot.com connect.facebook.net get663.com c.chuyueshop.com 1.safecdn01.com; script-src-elem 'unsafe-eval' 'unsafe-inline' cdn.bc0a.com cdn.b0e8.com *.shelterpoint.com www.shelterpoint.com infostage.shelterpoint.com netdna.bootstrapcdn.com code.jquery.com www.chromestatus.com cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com www.gstatic.com www.google.com seal.digicert.com d2bnxibecyz4h5.cloudfront.net pi.pardot.com connect.facebook.net get663.com c.chuyueshop.com 1.safecdn01.com;object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri /cspreport.aspx; 1 font-src https://fonts.gstatic.com *.gstatic.com *.bootstrapcdn.com *.tawk.to data: eadn-wc05-6548239.nxedge.io *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.affirm.com *.affirm.ca *.weltpixel.com *.tawk.to static.addtoany.com *.braintreegateway.com eadn-wc05-6548239.nxedge.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca cdn.jsdelivr.net *.tawk.to *.google.com *.google.ca eadn-wc05-6548239.nxedge.io *.facebook.com flagpedia.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.affirm.com *.affirm.ca *.kaptcha.com *.tawk.to cdn.jsdelivr.net static.addtoany.com graph.facebook.com eadn-wc05-6548239.nxedge.io *.avada.io maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.bootstrapcdn.com cdn.jsdelivr.net eadn-wc05-6548239.nxedge.io *.fontawesome.com *.addtoany.com maxcdn.bootstrapcdn.com *.gstatic.com *.tawk.to tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.affirm.com *.affirm.ca *.kaptcha.com *.google-analytics.com stats.g.doubleclick.net *.tawk.to wss://*.tawk.to eadn-wc05-6548239.nxedge.io https://get.geojs.io *.avada.io http://dpm.demdex.net www.gstatic.com maps.googleapis.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; form-action https:; report-uri https://ggj3qf05xeualpl0weo7xdrg.httpschecker.net/report 1 report-uri https://api.sunbit.com/sampling/api/v1/csp-reports?application=my-sunbit&env=prod; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://fpnpmcdn.net https://use1.fptls.com *.sunbit.* *.google.com https://cdn.polyfill.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://sentry.io *.googletagmanager.com *.google-analytics.com *.datadoghq-browser-agent.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/axios@1.6.2/dist/axios.min.js 'sha256-oNwErqIk8VRSUay1+8A7krM8W1V1Tq/5L14zrrLP8pw=' 'sha256-woAyRoW0yGOEl+CG3XDrIRRr4AqDTWyBET3GMzjr75g=' 'sha256-ThhI8UaSFEbbl6cISiZpnJ4Z44uNSq2tPKgyRTD3LyU=' 'sha256-AF490//jIflwN/2nTDszvAx/KI2V9GJG8gdwvGhO/zw=' 'sha256-8dULgHWW2eIwqjJTAQle9cUf85AipTjC2f9Ks83Sxks='; style-src 'self' 'unsafe-inline' *.googleapis.com blob:; frame-src data: http://epay *.sunbit.* *.google.com *.googletagmanager.com; child-src *.googletagmanager.com *.mysunbit.* blob:; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com https://www.google.co.il/ https://static.sunbit.*; font-src 'self' *.gstatic.com *.typekit.net data:; connect-src 'self' ws: about: http://api *.sunbit.* *.google.com https://sentry.io *.browser-intake-datadoghq.com *.datadoghq.com *.google-analytics.com www.google-analytics.com *.googletagmanager.com *.datadoghq.com *.datadoghq.eu tls-use1.fpapi.io https://use1.fptls.com/ https://api-js.mixpanel.com/ https://stats.g.doubleclick.net/; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-2RvcNgdrAM84K/lAKiYznTKWrgVGWa5j8AhcXIAsmqM='; base-uri 'self';report-to csp-endpoint 1 script-src 'self' 'unsafe-inline' https://api.mapbox.com https://cdn-eu.readspeaker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com cdn-eu.readspeaker.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com cdn-eu.readspeaker.com 1 object-src 'none';base-uri 'self';script-src 'nonce-k_1EW6DyaCywAjReuEclgQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://on-site.com https://*.on-site.com https://on-site.com:8765 https://*.on-site.com:8765 https://*.realpage.com https://*.erenterplan.com https://cdn.statuspage.io https://code.jquery.com https://acsbap.com https://acsbapp.com https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; object-src 'self'; worker-src 'self' blob:; report-uri /pub/csp_reports 1 font-src *.hotjar.com *.klevu.com *.typekit.net *.sagepay.com *.globalpay.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.ksearchnet.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.hotjar.com *.facebook.net *.facebook.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com/ *.hotjar.com *.youtube.com *.addthis.com *.trustpilot.com *.facebook.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com *.americanexpress.com *.globalpay.com *.mastercard.com *.visa.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.doubleclick.net *.bing.com *.google.com *.google.co.uk *.cutwel.co.uk https://images.unsplash.com *.trackedlink.net *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.globalpay.com *.facebook.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.zdassets.com *.trackedlink.net *.addthis.com *.klevu.com *.trustpilot.com *.moatads.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.tctm.co *.bing.com *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.aexp-static.com https://ajax.aspnetcdn.com *.globalpay.com *.gpapiservices.com connect.facebook.net *.google-analytics.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.myfonts.net *.klevu.com *.typekit.net *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com https://fonts.googleapis.com maxcdn.bootstrapcdn.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.hotjar.com *.hotjar.io *.zdassets.com *.zopim.com *.doubleclick.net *.google-analytics.com *.tctm.co *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-nzo-QKin-P9CYR2dUGDH8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://*.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.vimeo.com vimeo.com *.demdex.net *.facebook.com *.pinterest.com *.pinterest.co.uk *.doubleclick.net *.googletagmanager.com *.criteo.com *.extforms.netsuite.com my.wolf1834.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cookiefirst.com *.gstatic.com *.pixriot.com *.storeimaging.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookiefirst.com *.googletagmanager.com tagmanager.google.com *.postcodeanywhere.co.uk *.pcapredict.com *.google.com *.google-analytics.com *.analytics.google.com *.gstatic.com *.doubleclick.net *.pinimg.com *.pinterest.com *.clarity.ms *.bing.com *.googleadservices.com *.googlesyndication.com *.criteo.com *.dwin1.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ downloads.mailchimp.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.cookiefirst.com *.googletagmanager.com tagmanager.google.com *.bootstrapcdn.com *.postcodeanywhere.co.uk fonts.googleapis.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cookiefirst.com google-analytics.com *.pixriot.com *.storeimaging.com *.doubleclick.net *.postcodeanywhere.co.uk *.demdex.net *.pinterest.com *.pinterest.co.uk *.google-analytics.com *.clarity.ms *.google.com google.com *.analytics.google.com *.googlesyndication.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-src https://* 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com *.googleapis.com *.gstatic.com www.youtube.com analytics.google.com cdn.jsdelivr.net *.facebook.net www.googletagmanager.com code.jquery.com img.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-DNGeKcNqv9MvJ8tnf4s6DQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-Ara8l855/QIIX4GPNQzstvBCFCa82omKHBlVRfd1rkQ='; base-uri 'self';report-to csp-endpoint 1 connect-src * 'unsafe-inline'; default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; frame-src *; img-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1 default-src 'self'; script-src 'self' https://cdn.datatables.net/1.13.1/js/jquery.dataTables.min.js https://s3.tradingview.com/external-embedding/embed-widget-mini-symbol-overview.js https://s3.tradingview.com/external-embedding/embed-widget-financials.js https://s3.tradingview.com/tv.js https://statistiche.websim.it/js/container_3LWpcJWk.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://statistiche.websim.it; font-src 'self' data:; frame-src 'self' https://s.tradingview.com https://www.tradingview-widget.com https://www.youtube-nocookie.com; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri /web/cspLogger.aspx; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/transparency_google 1 font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com *.trustedshops.com https://fonts.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com vars.hotjar.com *.eventbrite.com sibautomation.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com www.facebook.com *.openstreetmap.org maps.googleapis.com maps.gstatic.com connect.facebook.net graph.facebook.com business.facebook.com *.trustedshops.com *.google.com *.google.fr *.googletagmanager.com *.viamichelin.com *.bing.com *.clarity.ms *.cloudflare.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com maps.gstatic.com fonts.googleapis.com business.facebook.com *.trustedshops.com static.hotjar.com script.hotjar.com vars.hotjar.com *.google.com *.google.fr *.gstatic.com *.googletagmanager.com *.eventbrite.com sibautomation.com *.viamichelin.com bat.bing.com *.clarity.ms *.cloudflare.com *.googleapis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com *.trustedshops.com *.viamichelin.com *.cloudflare.com *.googletagmanager.com https://fonts.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com connect.facebook.net graph.facebook.com www.facebook.com business.facebook.com *.trustedshops.com in.hotjar.com vc.hotjar.io *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net maps.googleapis.com *.brevo.com *.google.com *.clarity.ms *.etrusted.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-EO9JUKYp5IKE2FI6mRrXDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.youtube.com cdnjs.cloudflare.com ka-f.fontawesome.com *.doubleclick.net www.googletagmanager.com portal.azul.com.do www.google.com.do s.btstatic.com s.thebrighttag.com kit.fontawesome.com www.google-analytics.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 img-src https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogiclongterm.s3.amazonaws.com/ITRC/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ 'self' https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://higherlogicstream.s3.amazonaws.com/ITRC/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/ITRC/ https://higherlogicdownload.s3.amazonaws.com/ITRC/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/ITRC/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 default-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.turn.com static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: *.turn.com secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.browser-intake-datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.zohopublic.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c55919a7d54d6386d0f0b19bc82e82f&dd-evp-origin=content-security-policy&ddsource=csp-report; 1 font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube-nocookie.com/ *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.pricespider.com https://www.googletagmanager.com/ *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://img.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://images.unsplash.com *.pricespider.com https://helloextend-static-assets.s3.amazonaws.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.pricespider.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.youtube.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.pricespider.com https://*.helloextend.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-dQeWyMUuSdWszuIldDeVLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; img-src https: *.google-analytics.com www.10life.com https://10life-strapi-media-library-prod.s3.ap-southeast-1.amazonaws.com data:; worker-src 'self' blob: www.10life.com; style-src 'self' 'unsafe-inline' www.10life.com https://fonts.googleapis.com https://www.googletagmanager.com accounts.google.com https://cdn.jsdelivr.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; script-src 'self' 'self' 'unsafe-inline' www.10life.com *.google-analytics.com connect.facebook.net accounts.google.com www.googletagmanager.com s3-ap-southeast-1.amazonaws.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com script.hotjar.com s.yimg.com *.cloudfront.net; connect-src www.10life.com https://strapi-cms.10life.com *.google-analytics.com analytics.google.com stats.g.doubleclick.net s.yimg.com api.tenlife.asia api.10life.com vc.hotjar.io in.hotjar.com *.cloudfront.net *.tenlife.asia *.10lifeconnect.com; frame-src www.10life.com accounts.google.com vars.hotjar.com youtube.com www.youtube.com; media-src youtube.com www.youtube.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri www.10life.com 1 default-src 'self' widget.trustpilot.com paymentpage.getneteurope.com; script-src 'self' static.zdassets.com static.zentrada-network.eu widget-mediator.zopim.com v2.zopim.com widget.trustpilot.com paymentpage.getneteurope.com payengine.de 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' static.zdassets.com static.zentrada-network.eu widget-mediator.zopim.com v2.zopim.com widget.trustpilot.com paymentpage.getneteurope.com payengine.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' ratepay.com paymentpage.getneteurope.com 'unsafe-inline'; object-src ratepay.com; base-uri 'self'; connect-src 'self' translate.googleapis.com o1039570.ingest.sentry.io zendesk-eu.my.sentry.io code.jquery.com ekr.zdassets.com ingoschlooeu.zendesk.com ingoschloode.zendesk.com ingoschloofr.zendesk.com ingoschloonl.zendesk.com ingoschlooit.zendesk.com ingoschlooes.zendesk.com ingoschloohu.zendesk.com ingoschloopl.zendesk.com zentradaeuropegmbhcokg.zendesk.com zentradafrance.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com widget.trustpilot.com static.zentrada-network.eu images.zentrada-network.eu; font-src 'self' data: static.zentrada-network.eu v2.zopim.com googleapis.com fonts.gstatic.com cloudflare.com github.com; frame-src 'self' widget.trustpilot.com paymentpage.getneteurope.com; img-src * data: blob:; manifest-src 'self'; media-src 'self' data: static.zdassets.com v2.zopim.com; worker-src 'self' blob:; report-uri https://app.tradesafe.eu/csp-report.cfm; report-to https://app.tradesafe.eu/csp-report.cfm; 1 font-src *.fontawesome.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com cards-accept.bm.pl cards.bm.pl pay.google.com *.google-analytics.com *.googletagmanager.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com secure.payu.com secure.snd.payu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.fontawesome.com unsafe-inline *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com secure.payu.com merch-prod.snd.payu.com ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.myedools.com *.twitter.com *.facebook.com www.facebook.com *.bb.com.br *.google.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.cptec.inpe.br *.uol.com.br *.google.com *.doubleclick.net *.facebook.com www.facebook.com *.brasilseg.com.br *.googletagmanager.com *.directtalk.com.br widgets.aebroadcast.com.br devbrasilseg.espressolw.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu urldefense.com *.facebook.com *.doubleclick.net *.tailtarget.com *.linkedin.com *.adsymptotic.com *.facebook.net www.google.com.br *.yahoo.com *.swagger.io *.broto.com.br d3wo5wojvuv7l.cloudfront.net tr.outbrain.com blob: *.google.com edools-3-production.s3.amazonaws.com assets.datagro.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com bbseg-hml-router4me-webchat-broto-bundle.s3.amazonaws.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.yimg.com *.jsuol.com.br *.yahoo.com *.uol.com.br *.licdn.com *.directtalk.com.br *.hotjar.com brasilseg.espressolw.com amplify.outbrain.com www.clarity.ms tr.outbrain.com appleid.cdn-apple.com https://www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com bbseg-hml-router4me-webchat-broto-bundle.s3.amazonaws.com/webchat.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.myedools.com *.cloudflare.com *.twitter.com *.twimg.com *.yimg.com *.google-analytics.com *.doubleclick.net viacep.com.br *.uol.com.br f.clarity.ms cdn.linkedin.oribi.io www.facebook.com *.bb.com.br wss://bbseg-hml.router4me.com h.clarity.ms n.clarity.ms i.clarity.ms bbseg-hml.router4me.com https://viacep.com.br 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr data: *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.monetico-services.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.instagram.com *.monetico-services.com *.avis-verifies.com *.doublick.net *.criteo.com *.google.com https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://www.1083.fr https://www.maxvincent.fr https://www.modetic.com https://preprod.1083.fr https://preprod.maxvincent.fr https://preprod.modetic.com *.avis-verifies.com *.instagram.com https://www.netreviews.eu 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.instagram.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avis-verifies.com https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://matomo.1083.fr https://www.googletagmanager.com https://widget.freshworks.com *.clarity.ms *.criteo.com *.axept.io https://cdnjs.cloudflare.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com https://widget.freshworks.com https://cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com https://www.1083.fr https://www.maxvincent.fr https://www.modetic.com https://preprod.1083.fr https://preprod.maxvincent.fr https://preprod.modetic.com *.avis-verifies.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.monetico-services.com https://ws.colissimo.fr https://widget.freshworks.com https://matomo.1083.fr https://*.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.avis-verifies.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://themes.googleusercontent.com/ https://apps.geodan.nl https://acc.apps.geodan.nl https://platform.twitter.com/ https://syndication.twitter.com/ http://www.rovid.nl https://geodata.rivm.nl https://statistiek.rijksoverheid.nl https://mebi.rivm.nl https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl http://platform.twitter.com/ https://cdn.syndication.twimg.com https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ https://apps.rivm.nl; object-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; style-src 'self' 'unsafe-inline' https://platform.twitter.com/ https://ton.twimg.com/ https://mebi.rivm.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/; img-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://statistiek.rijksoverheid.nl/ https://geodata.nationaalgeoregister.nl/ https://syndication.twitter.com/ https://pbs.twimg.com/ https://ton.twimg.com/ https://abs.twimg.com/ https://platform.twitter.com/ http://abs.twimg.com/ data: http://www.rovid.nl https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://service.pdok.nl/ https://data.rivm.nl/ https://*.openstreetmap.org/; frame-ancestors 'self' https://www.atlasleefomgeving.nl https://*.gezondeleefomgeving.nl https://*.woondossier.nl/ https://roosendaal.incijfers.nl https://*.nhnieuws.nl; child-src https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://data.rivm.nl/ ; font-src 'self' https://rivm.nl/ https://*.rivm.nl/ https://themes.googleusercontent.com/ https://cstm.rivm.nl/ https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ data: ; connect-src 'self' https://mebi.rivm.nl/* https://statistiek.rijksoverheid.nl/ https://statistiek.rijksoverheid.nl/* https://cstm.rivm.nl/ https://cstm.rivm.nl/* https://cgl-web-api.rivm.nl/ https://acceptatie-cgl-web-api.rivm.nl/ https://acc-api.rivm.nl https://api.rivm.nl/ https://api.pdok.nl/*; report-uri /report-csp-violation 1 font-src dhv2ziothpgrr.cloudfront.net *.googleapis.com *.gstatic.com *.fontawesome.com *.yotpo.com www.advanblack.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.yotpo.com www.advanblack.com 'self' 'unsafe-inline'; frame-ancestors www.advanblack.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com *.yotpo.com www.advanblack.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io dhv2ziothpgrr.cloudfront.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.facebook.com *.yotpo.com www.advanblack.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com www.advanblack.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com dhv2ziothpgrr.cloudfront.net fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.yotpo.com *.googleapis.com www.advanblack.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.advanblack.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.net *.yotpo.com www.advanblack.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.advanblack.com http: https: blob: 'self' 'unsafe-inline'; default-src www.advanblack.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.googleapis.com snid.snitcher.com assets4.lottiefiles.com *.doubleclick.net www.google.com forms.hsforms.com snippet.maze.co js.hsforms.net b.6sc.co *.azure.com api.investisdigital.com *.gstatic.com *.linkedin.com *.hubspot.com ipv6.6sc.co *.onetrust.com *.gbgplc.com c.6sc.co *.wistia.com www.googletagmanager.com www.google.co.uk *.facebook.com prompts.maze.co *.googleadservices.com epsilon.6sense.com forms-na1.hsforms.com j.6sc.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-eMAtHdTswceWFCoTS8kzTjtZqd2h9Kpzt+WFGQ8ENKg='; base-uri 'self';report-to csp-endpoint 1 default-src 'self' www.scalemodelstore.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' www.scalemodelstore.com https://www.google.com www.gstatic.com https://www.googleadservices.com tpc.googlesyndication.com connect.facebook.net; frame-src www.google.com tpc.googlesyndication.com; img-src 'self' data: static.pay.nl www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com rms.ups.com; object-src 'none'; report-uri /csp-violations.php; 1 font-src fonts.gstatic.com use.typekit.net https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com *.mundipagg.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com 'self' data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://superkoch.com.br https://mcstaging.superkoch.com.br *.twitter.com *.facebook.com *.mundipagg.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://superkoch.com.br https://mcstaging.superkoch.com.br *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.mundipagg.com *.criteo.com/ *.sunset.systems/ https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy https://www.googletagmanager.com/ *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://superkoch.com.br http://mcstaging.superkoch.com.br https://www.superkoch.com.br/media/wysiwyg/logo-hibrido.svg *.cloudflare.com *.gstatic.com *.google.com *.google.com.br *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.mundipagg.com https://conectiva.io https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.croapp.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.newrelic.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.mundipagg.com *.hotjar.com *.clearsale.com.br *.mouseflow.com *.cartstack.com.br https://conectiva.io *.getbutton.io *.goadopt.io *.amazonaws.com *.smartlook.com *.nr-data.net https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com fonts.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.mundipagg.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com commerce.adobe.io commerce.adobe.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com qa-api.magedevteam.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net https://superkoch.com.br https://mcstaging.superkoch.com.br *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.mundipagg.com *.cardinalcommerce.com *.nr-data.net *.doubleclick.net *.performa.ai *.goadopt.io *.smartlook.cloud https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com t.elasticsuite.io *.google-analytics.com https://viacep.com.br yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-wRl0HtsGzozWXwVJFGKDrdFUVNC8NW5Y'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1 font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com stats.g.doubleclick.net deploy.matomo.cloud pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * account.fetchify.com *.meetanshi.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com *.google.co.uk pay.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ stats.g.doubleclick.net deploy.matomo.cloud porjs.com *.facebook.net pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.meetanshi.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.facebook.net pay.google.com unsafe-inline assets.braintreegateway.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net deploy.matomo.cloud pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com www.google-analytics.com www.googletagmanager.com www.riobilheteunico.com.br *.riocardmais.com.br newassets.hcaptcha.com www.google.com *.googleapis.com code.jquery.com js.hcaptcha.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-tTEzKW7DtnzP-Hu146LjEg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://fonts.gstatic.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.stripe.com https://maps.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gstatic.com blob: https://bat.bing.com https://alb.reddit.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com tagmanager.google.com https://www.googletagmanager.com js.stripe.com https://static.cloudflareinsights.com https://bat.bing.com https://www.redditstatic.com https://edge.fullstory.com https://cdnjs.cloudflare.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.onrally.com js.sandbox.onrally.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://static.klaviyo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com https://rs.fullstory.com https://edge.fullstory.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.onrally.com api.sandbox.onrally.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.fontawesome.com instantcredit.net test.instantcredit.net https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.paycomet.com api.paycomet.com *.yotpo.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.paycomet.com api.paycomet.com https://player.vimeo.com https://www.youtube-nocookie.com https://pageflip.rba.es/ www.xtento.com *.yotpo.com vars.hotjar.com player.vimeo.com www.youtube.com www.facebook.com ct.pinterest.com static.addtoany.com td.doubleclick.net aax-eu.amazon-adsystem.com 13964233.fls.doubleclick.net 12658434.fls.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://images.unsplash.com instantcredit.net test.instantcredit.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.xtento.com cdn.xtento.com *.yotpo.com sb.scorecardresearch.com www.google.com www.google.es www.facebook.com ad.doubleclick.net t.co analytics.twitter.com adservice.google.com bat.bing.com lh3.ggpht.com ct.pinterest.com www.googletagmanager.com bam.nr-data bam.nr-data.net creatividades.rba.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://player.vimeo.com https://www.youtube.com www.xtento.com cdn.xtento.com *.yotpo.com www.googleoptimize.com connect.facebook.net analytics.tiktok.com sb.scorecardresearch.com static.hotjar.com script.hotjar.com sdk.privacy-center.org js-agent.newrelic.com bam.nr-data.net googleads.g.doubleclick.net static.ads-twitter.com bat.bing.com cdn.lordicon.com s.pinimg.com static.addtoany.com cdn-4.convertexperiments.com logs.convertexperiments.com cdn.jsdelivr.net c.amazon-adsystem.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com instantcredit.net test.instantcredit.net https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com instantcredit.net test.instantcredit.net https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.yotpo.com analytics.tiktok.com region1.google-analytics.com in.hotjar.com bam.nr-data.net stats.g.doubleclick.net www.google-analytics.com ws40.hotjar.com content.hotjar.io cdn.lordicon.com maps.googleapis.com ct.pinterest.com bat.bing.com region1.analytics.google.com www.google.es vc.hotjar.io ws.hotjar.com metrics.hotjar.io pagead2.googlesyndication.com wss://ws.hotjar.com/ logs.convertexperiments.com eu2.device-api.indigitall.com analytics.pangle-ads.com api.privacy-center.org www.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' kandypens.com *.kandypens.com verify.authorize.net secure.saintcorporation.com www.googletagmanager.com *.vimeocdn.com use.typekit.net staticw2.yotpo.com www.googleadservices.com googleads.g.doubleclick.net r2-t.trackedlink.net www.google-analytics.com www.google.com www.gstatic.com code.jquery.com jstest.authorize.net includes.ccdc02.com js.authorize.net kandypens.com.imgeng.in static.zdassets.com v2.zopim.com static.trackedweb.net; report-uri /.webscale/csp-report 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.syfpos.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com syf.demdex.net *.syfpos.com *.syf.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.syfpos.com *.syf.com analytics.synchrony.com *.d1.sc.omtrdc.net *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.syfpos.com analytics.synchrony.com *.mysynchrony.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.syfpos.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.syfpos.com *.syf.com *.d1.sc.omtrdc.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com landofcoder.com *.weltpixel.com *.google.com/ https://www.trustedsite.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com e.issuu.com *.worthingtondirect.com https://va-s.c.liveperson.net https://lpcdn.lpsnmedia.net lpcdn.lpsnmedia.net https://static.addtoany.com/menu/sm.23.html https://amc.demdex.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.trackedlink.net https://www.magezon.com https://cdn.ywxi.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.licdn.com *.worthingtondirect.com *.linkedin.com *.bing.com *.google.com *.google.pl *.invocacdn.com *.invoca.net *.doubleclick.net px.adentifi.* https://lpcdn.lpsnmedia.net https://d1zloi9myumgkb.cloudfront.net https://static-1.worthingtondirect.com https://s3.amazonaws.com https://amcglobal.sc.omtrdc.net https://amc.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://cdnjs.cloudflare.com/ajax/libs/galleriffic/2.0.1/css/loader.gif data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal landofcoder.com *.google.com https://cdn.ywxi.net https://www.trustedsite.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com assets.shipperhq.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com *.licdn.com *.worthingtondirect.com *.linkedin.com *.bing.com *.google.pl *.invocacdn.com *.invoca.net *.doubleclick.net https://va-s.c.liveperson.net https://lptag.liveperson.net https://va.v.liveperson.net https://static.addtoany.com/menu/page.js https://lpcdn.lpsnmedia.net https://js-agent.newrelic.com/nr-1208.min.js https://accdn.lpsnmedia.net https://bam.nr-data.net https://js-agent.newrelic.com/nr-1209.min.js https://js-agent.newrelic.com/nr-1210.min.js https://assets.shipperhq.com/shq-checkout_0.1.85.js https://www.gstatic.com/recaptcha/releases/tftmXwdbgCvrXiHxr5HGbIaL/recaptcha__uk.js https://js-agent.newrelic.com https://web-sdk.aptrinsic.com/api/aptrinsic.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com assets.shipperhq.com *.trustpilot.com tagmanager.google.com https://assets.shipperhq.com https://fonts.googleapis.com https://web-sdk.aptrinsic.com/style.css 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com landofcoder.com https://s3-us-west-2.amazonaws.com/mfesecure-public/ https://www.trustedsite.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com rms.shipperhq.com wss://rms.shipperhq.com/ ovs.shipperhq.com https://www.google-analytics.com *.licdn.com *.worthingtondirect.com *.linkedin.com *.bing.com *.invocacdn.com *.invoca.net *.doubleclick.net *.linkedin.oribi.io *.trustpilot.com maps.googleapis.com https://bam.nr-data.net https://amcglobal.sc.omtrdc.net wss://rms.shipperhq.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.es mws.amazonservices.fr api.comapi.com webchat.dotdigital.com *.authorize.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://dpm.demdex.net https://esp-m.aptrinsic.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com https://www.gstatic.com https://cdn.smilee.io https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.coupahost.com *.ariba.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com https://cdn.smilee.io https://saas.smilee.io https://saas.smilee.fi https://*.google.com https://*.googleapis.com https://*.googleusercontent.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.facebook.com *.etra.fi www.google.fi data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ajax.googleapis.com https://*.gstatic.com https://cdn.smilee.io *.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com saas.smilee.fi browser-update.org connect.facebook.net cdn.matomo.cloud static.hotjar.com static.cloudflareinsights.com js-agent.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://saas.smilee.io https://saas.smilee.fi https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.bolt.com *.googleapis.com wss://saas.smilee.io wss://saas.smilee.fi https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com t.elasticsuite.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com saas.smilee.fi stats.g.doubleclick.net www.facebook.com *.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.nitrocdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ sandbox.cashfree.com nitropack.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io cashfreelogo.cashfree.com *.nitrocdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com sdk.cashfree.com *.intercom.io *.nitrocdn.com *.intercomcdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.nitrocdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org *.getnitropack.com *.intercom.io *.zdassets.com *.nitrocdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com lumberjack.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-vh3cT28vD-MsZfHd-sGI8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 block-all-mixed-content; report-uri https://r7cms.abd.jp/apiViewer/getCspInfo 1 default-src 'self'; script-src 'self' 'nonce-aMDApmKEojNEFePZMInS77ZXzT2O2gG5mBVVNfJ85vIFCGX7ch0lCw' www.googletagmanager.com maps.googleapis.com c.leadlab.click s.pinimg.com connect.facebook.net snap.licdn.com ct.pinterest.com; connect-src 'self' stats.g.doubleclick.net px.ads.linkedin.com maps.googleapis.com ct.pinterest.com region1.google-analytics.com www.google-analytics.com t.leadlab.click adservice.google.com connect.facebook.net www.facebook.com; img-src 'self' data: adservice.google.com ct.pinterest.com googleads.g.doubleclick.net img.youtube.com maps.googleapis.com maps.gstatic.com www.google-analytics.com region1.google-analytics.com www.googletagmanager.com px.ads.linkedin.com t.leadlab.click www.facebook.com; style-src 'self' 'nonce-aMDApmKEojNEFePZMInS77ZXzT2O2gG5mBVVNfJ85vIFCGX7ch0lCw' fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' ct.pinterest.com www.youtube-nocookie.com td.doubleclick.net player.bilibili.com www.bimobject.com productsite.bimobject.com www.heinze.de www.facebook.com; base-uri 'self'; object-src 'none'; report-to default 1 font-src maxcdn.bootstrapcdn.com fonts.gstatic.com *.azureedge.net *.doofinder.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.storyblok.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com *.multisafepay.com https://pay.google.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com *.empathybroker.com *.empathy.co *.criteo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.multisafepay.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com *.bing.com *.storyblok.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com connect.facebook.net twitter.com platform.twitter.com *.multisafepay.com https://pay.google.com www.googletagmanager.com *.googleoptimize.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.smartsuppchat.com *.smartsupp.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.pinimg.com *.nosto.com *.doofinder.com *.empathybroker.com *.unpkg.com *.storyblok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.doofinder.com maxcdn.bootstrapcdn.com *.multisafepay.com *.photoslurp.com *.nosto.com *.klaviyo.com *.typekit.net *.storyblok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com *.multisafepay.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.hotjar.io *.clarity.ms *.smartsuppcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.es *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.nosto.com *.empathybroker.com *.empathy.co 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.opayo.eu.elavon.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.opayo.eu.elavon.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.opayo.eu.elavon.com account.fetchify.com https://www.google.com www.youtube.com youtube.com player.vimeo.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com www.xtento.com cdn.xtento.com *.google.com *.google.fr *.google.ie *.google.co.uk *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.avada.io *.google.com https://www.gstatic.com ict.infinity-tracking.net www.xtento.com cdn.xtento.com *.google.fr *.google.ie *.google.co.uk *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.opayo.eu.elavon.com cc-cdn.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ict.infinity-tracking.net *.google-analytics.com stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 style-src-elem https://personalization-web-stable.mindbox.ru *.yclients.com *.googleapis.com 'unsafe-inline' 'self'; script-src-elem https://personalization-web-stable.mindbox.ru https://*.googletagmanager.com https://www.google-analytics.com cstatic.weborama.fr https://js-agent.newrelic.com helpdeskeddy.loreal.com.ru https://vk.com https://*.yandex.ru https://cdn.leadplan.ru https://api.mindbox.ru https://*.nr-data.net *.maps.yandex.net https://www.youtube.com https://yastatic.net 'unsafe-inline' 'self'; font-src https://fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://kerastaseru.push.world https://*.google.com https://*.doubleclick.net/ https://n87.alteg.io https://www.facebook.com/ https://*.doubleclick.net https://helpdeskeddy.loreal.com.ru https://*.weborama.fr https://ru.spotscan.com https://loreal-webconsultation.modiface.com https://makeupstat.ru https://skinstat.ru https://staicxx.facebook.com https://tag.rutarget.ru https://*.criteo.com https://www.facebook.com https://www.youtube.com https://*.googletagmanager.com https://api.flocktory.com https://vk.com https://*.criteo.net https://rbnt.org https://*.yandex.ru https://e-academie.ru https://*.yclients.com https://loreal.helpdeskeddy.com https://beautyid.pro 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://vk.com https://api-maps.yandex.ru https://www.google.com https://www.google.ru https://cdn.retailrocket.net w1.yclients.com https://*.maps.yandex.net http://ad.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.mail.ru https://*.flocktory.com https://disk.leadplan.ru https://adservice.google.ru https://storage.cloud.croc.ru https://*.yandex.ru https://*.fls.doubleclick.net https://*.weborama.fr personalization-pixel-stable.mindbox.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com https://vk.com https://api-maps.yandex.ru https://yastatic.net http://cdn.retailrocket.ru https://www.google.com https://www.gstatic.com https://www.artfut.com http://*.yandex.ru https://*.facebook.net https://*.mindbox.ru https://loreal-luxe-services.directcrm.ru https://aprtx.com https://aprtn.com https://*.mail.ru https://*.lenmit.com http://*.lenmit.com https://*.flocktory.com https://kerastaseru.push.world *.avada.io https://cdn.leadplan.ru/ https://cdn.helpdeskeddy.com https://helpdeskeddy.loreal.com.ru cstatic.weborama.fr https://js-agent.newrelic.com https://*.nr-data.net https://www.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://cdn.retailrocket.net https://w1.yclients.com *.fontawesome.com https://personalization-web-stable.mindbox.ru 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://analytics.google.com/ www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://tracking.retailrocket.net https://cdn.retailrocket.net https://api.retailrocket.net https://stats.g.doubleclick.net https://geocode-maps.yandex.ru https://e-academie.ru https://mc.yandex.ru https://*.mindbox.ru https://*.mail.ru https://aprtx.com https://get.geojs.io *.avada.io https://app.leadplan.ru/ https://*.weborama.fr https://*.analytics.google.com/ https://www.google-analytics.com https://*.nr-data.net https://suggestions.dadata.ru 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' ; base-uri 'self' ; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.plyr.io https://fonts.googleapis.com https://devcomapbotpilot-test.azurewebsites.net/ https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; script-src 'strict-dynamic' 'nonce-K4l6IQqWTsUD7IQtVaObFk2yPxTXHQGO' 'self' 'unsafe-inline' 'unsafe-eval' https://js.monitor.azure.com https://admin.dev.comap-control.bluehosting.cz https://chatbotapp-stage.azurewebsites.net/ https://devcomapbotpilot-test.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ ; font-src 'self' https://fonts.gstatic.com/ ; connect-src 'self' https://*.logic.azure.com/ https://devcomapbotpilot-test.azurewebsites.net https://chatbotapp-stage.azurewebsites.net/ https://intelibot-prod.azurewebsites.net/ https://devcomapcognitiveservices-test.azurewebsites.net https://intelisearch-stage.azurewebsites.net https://intelisearch.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.in.applicationinsights.azure.com/ wss://localhost:44377 ws://localhost:50602 noembed.com cdn.plyr.io ; img-src * 'self' data: ; media-src 'self' *.comap-control.com/ https://comapkenticouat6527.blob.core.windows.net ; frame-src https://www.thinglink.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com vimeo.com www.vimeo.com https://www.google.com/ ; frame-ancestors https://admin.dev.comap-control.bluehosting.cz/ 1 img-src https://higherlogicdownload.s3.amazonaws.com/PTG/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogiclongterm.s3.amazonaws.com/PTG/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ 'self' https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://higherlogicstream.s3.amazonaws.com/PTG/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/PTG/ https://higherlogicdownload.s3.amazonaws.com/PTG/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/PTG/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io www.google.com.br bp-digital-cdn.brasilprev.com.br www.google-analytics.com www.youtube.com api.brasilprev.com.br vlibras.gov.br *.hotjar.com *.doubleclick.net content.hotjar.io *.gstatic.com www.googletagmanager.com analytics.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self' *.ift.edu.mo *.iftm.edu.mo 1 object-src 'none';base-uri 'self';script-src 'nonce-TBVJB831L_KqSxb6slKFrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; connect-src https: 'unsafe-eval' 'unsafe-inline' wss://pubsubsec.usedesk.ru; script-src https: 'unsafe-eval' 'unsafe-inline' pubsubsec.usedesk.ru; style-src https: 'unsafe-inline' pubsubsec.usedesk.ru; img-src https: data:; font-src https: data:; report-uri /csp-report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.googleapis.com data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com magento-cloudflare.jetrails.com www.youtube.com *.klarna.com https://stringfurniture.com https://*.stringfurniture.com https://cdn.consentmanager.mgr.consensu.org/ https://consentcdn.cookiebot.com *.trustpilot.com *.hotjar.com https://*.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://d1pna5l3xsntoj.cloudfront.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.com *.google.bg https://www.facebook.com *.facebook.net *.doubleclick.net *.bird.eu *.ytimg.com *.klarna.com *.klarnaevt.com https://cdn.consentmanager.net https://scontent.cdninstagram.com https://dot.designtorget.se https://cdn.valuesportal.com www.googletagmanager.com *.googleadservices.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.se *.paypal.com *.paypalobjects.com https://mcusercontent.com https://js.klevu.com https://*.mgr.consensu.org https://cx.atdmt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.klarna.com *.hotjar.io https://dot.designtorget.se https://valuesportal.com https://consentcdn.cookiebot.com https://consent.cookiebot.com www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com *.gstatic.com https://connect.facebook.net/ *.trustpilot.com https://chimpstatic.com *.klarnacdn.net *.adyen.com https://js.klevu.com https://downloads.mailchimp.com *.list-manage.com *.hotjar.com *.gtm.adt313.net https://checkoutshopper-test.adyen.com https://*.mgr.consensu.org https://*.cloudflareinsights.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://designtorget.se https://designtorget.com *.fonts.googleapis.com *.gstatic.com https://downloads.mailchimp.com https://js.klevu.com https://*.mgr.consensu.org unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://core.helloretail.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.klarnaevt.com https://dot.designtorget.se api.adtraction.net consentcdn.cookiebot.com *.paypal.com *.cardinalcommerce.com *.stripe.com *.klarna.com *.klarnacdn.net *.addwish.com *.doubleclick.net *.hotjar.com https://*.mgr.consensu.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' hippieartesanatos.com *.hippieartesanatos.com hippieartesanatos.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.g.doubleclick.net *.hippieartesanatos.com.br *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.sizebay.technology *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.hippieartesanatos.com hippieartesanatos.com; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-I5-_ofTfbZtAbP_zhhWsEbsvXOP7-cco'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1 frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudmaestro.com www.nightingale.com nightingale.com www.googletagmanager.com acsbap.com acsbapp.com www.google-analytics.com 'unsafe-hashes'; report-uri /.webscale/csp-report 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ch ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.ch *.spreadshirt.ch ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.ch ; font-src 'self' https: data: *.spreadshirt.ch ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ch ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ch ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net beacon.krxd.net *.adsrvr.org cdn.cookielaw.org bam.nr-data.net js-agent.newrelic.com www.google-analytics.com cdn.krxd.net cdn.clinch.co cdn.jsdelivr.net cdn.treasuredata.com www.googletagmanager.com www.youtube.com www.google.com www.google.co.za in.treasuredata.com *.clarity.ms *.serving-sys.com analytics.google.com trk.clinch.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' data: 'report-sample' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://ekr.zdassets.com https://googleads.g.doubleclick.net https://connect.facebook.net https://kit.fontawesome.com https://maps.googleapis.com https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://secure.gravatar.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com;style-src 'self' 'report-sample' 'unsafe-inline' secure.gravatar.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.googletagmanager.com;object-src 'none';frame-src 'self' data: atlassian-companion: https://www.youtube.com https://www.google.com https://player.vimeo.com https://www.facebook.com https://td.doubleclick.net;child-src 'self';img-src 'self' data: https://www.googletagmanager.com https://i.vimeocdn.com https://www.linkedin.com https://maps.googleapis.com https://www.googletagmanager.com/a *.gravatar.com https://www.google-analytics.com https://maps.gstatic.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.google.com.au https://px4.ads.linkedin.com;font-src 'self' data: https://fonts.gstatic.com https://ka-p.fontawesome.com;connect-src 'self' https://px.ads.linkedin.com https://borderexpress.zendesk.com https://ekr.zdassets.com https://www.google.com.au https://analytics.google.com *.gravatar.com https://yoast.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ka-p.fontawesome.com https://maps.googleapis.com https://www.google-analytics.com https://kit.fontawesome.com https://pagead2.googlesyndication.com https://vc.hotjar.io;manifest-src 'self';base-uri 'self';form-action 'self' https://www.facebook.com ;media-src 'self';worker-src 'self'; 1 default-src 'self' data: 'unsafe-inline' *.google.com *.usercentrics.eu *.sleeknote.com *.hubapi.com blob: *.googleapis.com *.gstatic.com *.hsforms.com *.hubspot.com *.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.net *.hsleadflows.net *.linkedin.com *.licdn.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.net js.hsforms.net *.hsleadflows.net *.sleeknote.com *.licdn.com wasm-eval *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.hsadspixel.net *.hsforms.net *.google.com; script-src-elem 'self' 'unsafe-inline' *.usercentrics.eu googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.licdn.com *.hs-scripts.com *.sleeknote.com *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.hsforms.net; style-src 'self' data: 'unsafe-inline' *.googleapis.com; style-src-elem 'self' data: 'unsafe-inline' *.googleapis.com *.gstatic.com; style-src-attr 'unsafe-inline'; img-src 'self' data: *.hubspotusercontent-na1.net *.doubleclick.net *.google.com *.sleeknote.com *.usercentrics.eu blob: *.hubspotusercontent10.net *.gstatic.com *.hsforms.com *.ytimg.com *.baidu.com *.linkedin.com *.gravatar.com *.hsstatic.net *.hubspot.com *.placeholder.com *.google-analytics.com *.googletagmanager.com app.usercentrics.eu www.google.ch; font-src 'self' data: *.gstatic.com github.com; connect-src 'self' *.doubleclick.net *.google.com *.usercentrics.eu *.hubapi.com *.killadsapi.com *.solarspireconsulting.com *.googleapis.com *.hsforms.com *.hubspot.com *.s3.amazonaws.com *.sleeknote.com *.linkedin.com *.google-analytics.com yoast.com adservice.google.com aggregator.service.usercentrics.eu api.usercentrics.eu; media-src data:; child-src *.usercentrics.eu *.hsforms.com; frame-src 'self' *.usercentrics.eu *.hsforms.com *.tradebyte.org *.doubleclick.net *.youtube.com td.doubleclick.net; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' *.hsforms.com; manifest-src 'self'; report-uri https://bleech.report-uri.com/r/d/csp/wizard 1 font-src *.feedbackcompany.com *.googleapis.com https://www.gstatic.com fonts.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com www.xtento.com *.freshchat.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.feedbackcompany.com 'self' data: https:/at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com https://www.mollie.com flagpedia.net https://redchamps.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.feedbackcompany.com *.googletagmanager.com tagmanager.google.com https://*.google.com *.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com maps.googleapis.com tm.tradetracker.net www.xtento.com cdn.xtento.com gateway.tweakwisenavigator.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com tagmanager.google.com fonts.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/fontawesome.min.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.feedbackcompany.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://*.ingest.sentry.io www.gstatic.com maps.googleapis.com gateway.tweakwisenavigator.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com https://player.vimeo.com https://www.youtube-nocookie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com https://www.magezon.com *.google.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com s7.addthis.com *.avada.io *.google.com cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.google.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'nonce-4oj3WK7QyzkzhHuo801aXA==' 'strict-dynamic' 'self' 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' unsafe-inline; font-src 'self' data:; img-src 'self' https: blob: data:; object-src 'none'; form-action 'self'; connect-src 'self' https://*; frame-src https://docs.google.com/forms; report-uri https://a63yeeri7wl76nn3q62tl44l3y0zlkpz.lambda-url.ap-northeast-1.on.aws/ 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://analytics.mykrone.green https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maps.googleapis.com; frame-src 'self' *.youtube.com *.mykrone.green *.krone.de *.dev-datineo.de *.agroparts.com *.paypal.com *.crefopay.de *.cookiebot.com *.krone-uk.com *.krone.fr *.krone-nederland.nl *.krone-austria.at *.empolisservices.com *.k8s.internetx.io mailto: tel:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' *.mykrone.green landmaschinen.krone.de www.krone-agriculture.com data: *.openstreetmap.org https://maps.gstatic.com https://maps.googleapis.com; connect-src 'self' https://analytics.mykrone.green/ https://consentcdn.cookiebot.com/ https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com; report-uri https://mykrone.green/control/cspReport; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com log.pinterest.com ssl.google-analytics.com maps.googleapis.com maps.gstatic.com dev.visualwebsiteoptimizer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com www.gstatic.com t.trackedlink.net assets.pinterest.com maps.googleapis.com ssl.google-analytics.com dev.visualwebsiteoptimizer.com js-agent.newrelic.com bam-cell.nr-data.net s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com www.giftomatic.io https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl log.pinterest.com bam-cell.nr-data.net ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://bestpractice.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-tRXaUYDfCvQ2aXn08RVBGA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; connect-src 'self' assets-cdn.kodomo-booster.com www.google-analytics.com am.yahoo.co.jp analytics.google.com measurement-api.criteo.com stats.g.doubleclick.net; font-src 'self' fonts.gstatic.com assets-cdn.kodomo-booster.com data:; frame-src 'self' bid.g.doubleclick.net youtube.com www.youtube.com fledge.as.criteo.com gum.criteo.com td.doubleclick.net; img-src 'self' image2.kodomo-booster.com assets-cdn.kodomo-booster.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com maps.gstatic.com *.googleapis.com *.ggpht ad.as.amanad.adtdp.com ade.clmbtech.com adgen.socdm.com adx.dable.io b99.yahoo.co.jp beacon.krxd.net c.bing.com cm.g.doubleclick.net contextual.media.net criteo-sync.teads.tv cs.adingo.jp dev.visualwebsiteoptimizer.com dis.criteo.com eb2.3lift.com gum.criteo.com hb.yahoo.net ib.adnxs.com idsync.rlcdn.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.ad.smaato.net simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com tags.bluekai.com tg.socdm.com tr.line.me www.facebook.com www.google.co.jp x.bidswitch.net data:; script-src 'self' assets-cdn.kodomo-booster.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com googleads.g.doubleclick.net maps.googleapis.com www.itokuro.jp b99.yahoo.co.jp connect.facebook.net d.line-scdn.net dev.visualwebsiteoptimizer.com sslwidget.criteo.com 'unsafe-inline' 'unsafe-eval' 'nonce-IB2xhHT18AFhai4A7YKou+J1E55T/vZxVXFJ9KF3t+c='; style-src 'self' tagmanager.google.com fonts.googleapis.com assets-cdn.kodomo-booster.com 'unsafe-inline' 'nonce-IB2xhHT18AFhai4A7YKou+J1E55T/vZxVXFJ9KF3t+c='; report-uri https://o240875.ingest.sentry.io/api/5769216/security/?sentry_key=bf03e8125dc74d988001801b90a625db&sentry_environment=production 1 connect-src 'self' trc-events.taboola.com trc.taboola.com; font-src 'self' data: fonts.gstatic.com; form-action fiorirh.intrallianz.es:4443 online.allianz-assistance.es:5310 seguros.fenixdirecto.com sis.redsys.es www.allianz.es www.aznet.com.pt www.e-pacallianz.com 'self' app.allianz.es es.allianzdirect.es oficinas.allianz.pt www.allianzdirect.es www.es.intrallianz.com www.facebook.com www.fenixdirecto.com; frame-ancestors 'self' 'unsafe-eval' about; frame-src 'self' www.googletagmanager.com 'unsafe-eval' 3ds.vinea.es 8383920.fls.doubleclick.net acestream.me asp.infobolsanet.com azeu.demdex.net bid.g.doubleclick.net cdncache-a.akamaihd.net sas.redsys.es sis.redsys.es tpc.googlesyndication.com www.allianz.es www.allianz.pt; img-src 'self' bat.bing.com blob: data: googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com www.google.com www.google.es www.linkedin.com; object-src 'self' www.allianz.pt; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' api.ipify.org cdn.taboola.com connect.facebook.net snap.licdn.com trc.taboola.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' bat.bing.com cdn.cookielaw.org cdn.taboola.com connect.facebook.net geolocation.onetrust.com trc.taboola.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com; style-src-elem translate.googleapis.com www.gstatic.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-eval' www.e-pacallianz.com 'unsafe-inline' self; style-src-attr 'unsafe-inline'; report-uri https://allianz.report-uri.com/r/d/csp/wizard 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: gtmss.comprecimed.com.br cdn.datatables.net prism.app-us1.com region1.analytics.google.com cdn.amplitude.com cdn.pushowl.com api.amplitude.com cdn.navdmp.com *.clarity.ms widget-api.socialhead.io app.identixweb.com ad.sxp.smartclip.net api.voxus.tv *.tiktok.com cdn.shopify.com cdn.judge.me www.googletagmanager.com adservice.google.com apps.thrustapps.com cdn1.judge.me s.yimg.com *.mathtag.com js.hcaptcha.com sp.analytics.yahoo.com cdn.sweettooth.io *.doubleclick.net trackcmp.net cdnjs.cloudflare.com *.myshopify.com api.pushowl.com *.adsrvr.org www.comprecimed.com.br *.demdex.net *.facebook.com app.cart-bot.net www.google-analytics.com *.taboola.com static-socialhead.cdnhub.co targeting.voxus.tv use.fontawesome.com newassets.hcaptcha.com api.ipify.org targeting.voxus.com.br *.gstatic.com evhubcart.azurewebsites.net analytics.google.com use.typekit.net fonts.shopifycdn.com monorail-edge.shopifysvc.com shop.app scheduledbanners.bighornwebsolutions.com www.merchant-center-analytics.goog logs-01.loggly.com *.smartadserver.com www.google.com static.socialhead.io cdn-app.cart-bot.net www.google.com.br bat.bing.com *.everesttech.net secure.adnxs.com api.judge.me js.smile.io cdn.targeting.voxus.com.br tag.navdmp.com diffuser-cdn.app-us1.com forms.shopifyapps.com *.criteo.com cms.analytics.yahoo.com *.facebook.net platform.smile.io shopify-chat.shopifyapps.com *.windows.net usr.navdmp.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' http: https:; font-src 'self' https: data:; img-src 'self' http: https: data: blob:; object-src 'none'; connect-src 'self' wss: http: https:; script-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: http: 'unsafe-inline'; worker-src blob:; report-uri https://hlidacky.report-uri.com/r/d/csp/reportOnly 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.typekit.net *.trustedshops.com *.trustpilot.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.yotpo.com https://static.klaviyo.com/onsite/hosted-fonts/ https://player.vimeo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.nosto.com *.nos.to https://plumrocket.com *.paymentexpress.com *.windcave.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk https://www.google.com *.doubleclick.net *.facebook.com *.nosto.com *.nos.to *.addthis.com *.hotjar.com *.laybuy.com *.flashtalking.com https://plumrocket.com www.xtento.com *.paymentexpress.com *.windcave.com https://accounts.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://popup.laybuy.com *.afterpay.com https://player.vimeo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.nosto.com *.nos.to *.cloudflare.com https://cdn.klarna.com * *.paypal.com *.afterpay.com https://s.ytimg.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.hotjar.com www.xtento.com cdn.xtento.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://scontent.cdninstagram.com/ https://integration-assets.laybuy.com/ http://mcstaging.max.co.nz/ https://usage.trackjs.com/usage.gif https://player.vimeo.com *.zendesk.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com polyfill.io https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.nosto.com *.nos.to *.cloudflare.com *.adobe.com *.authorize.net *.foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.googleapis.com *.intercomcdn.com *.intercom.io *.hotjar.com *.newrelic.com *.nr-data.net http://foursixty.com *.paypal.com js.braintreegateway.com *.cardinalcommerce.com *.afterpay.com *.klaviyo.com *.addthis.com *.addthisedge.com *.moatads.com https://www.gstatic.com *.xtento.com *.braintreegateway.com *.maxmind.com *.yotpo.com *.quantserve.com www.xtento.com cdn.xtento.com https://accounts.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://static.hotjar.com https://cdn.trackjs.com https://script.hotjar.com https://js-agent.newrelic.com https://widget.intercom.io https://bam.nr-data.net https://static-tracking.klaviyo.com https://foursixty.com *.getsitecontrol.com *.clarity.ms *.quantcount.com https://player.vimeo.com *.zdassets.com *.zendesk.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.addressfinder.io static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.cloudflare.com *.typekit.net *.foursixty.com foursixty.com/* http://foursixty.com *.trustedshops.com *.usercentrics.eu *.trustpilot.com *.hotjar.com *.afterpay.com/ https://accounts.google.com *.yotpo.com https://www.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.addressfinder.io static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.algolia.net *.algolianet.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.cloudflare.com * foursixty.com *.paypal.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.afterpay.com *.klaviyo.com *.algolianet.net *.intercom.io *.hotjar.com *.nr-data.net *.mmapiws.com https://accounts.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.yotpo.com wss://nexus-websocket- https://capture.trackjs.com https://bam.nr-data.net https://player.vimeo.com *.zdassets.com *.zendesk.com wss://pod-15.zendesk.com/sc/faye 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io store.paradoxlabs.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.authorize.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.authorize.net t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.safaricom.co.ke *.payfort.com prizehandling.com *.promotionserv.com:* *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.safaricom.co.ke *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com prizehandling.com *.promotionserv.com:* *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googletagmanager.com *.gstatic.com prizehandling.com *.promotionserv.com:* *.cookielaw.org *.googleapis.com *.facebook.com *.google.ca *.google.com *.google.co.in *.google.co.ke www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.safaricom.co.ke *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.coke.com js-agent.newrelic.com bam.nr-data.net *.googletagmanager.com *.google.com *.gstatic.com campwidget.com *.googleapis.com prizehandling.com *.promotionserv.com:* *.zdassets.com *.cookielaw.org *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.coke.com bam.nr-data.net *.amazonaws.com campwidget.com *.googleapis.com prizehandling.com *.promotionserv.com:* wss://*.promotionserv.com:* *.cookielaw.org *.zdassets.com mycokestore.zendesk.com wss://*.zopim.com:* *.onetrust.com *.google.com *.google.ca *.google.co.in *.google.co.ke *.doubleclick.net *.adobedc.net adobedc.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.sagepay.com *.yotpo.com *.googleapis.com *.gstatic.com www.partstown.co.uk data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.sagepay.com *.facebook.com *.yotpo.com www.partstown.co.uk 'self' 'unsafe-inline'; frame-ancestors www.partstown.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.sagepay.com *.weltpixel.com *.yotpo.com www.partstown.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.sagepay.com validate.fishpig.co.uk *.gstatic.com *.facebook.com *.yotpo.com www.partstown.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.sagepay.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com www.partstown.co.uk https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.sagepay.com tagmanager.google.com *.yotpo.com *.googleapis.com www.partstown.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.partstown.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.paypal.com *.sagepay.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com www.partstown.co.uk 'self' 'unsafe-inline'; child-src www.partstown.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.partstown.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.googleapis.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://maps.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://*.quadpay.com https://*.zip.co *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://cdn.chatbot.com https://cdn.jst.ai *.dotdigital-pages.com *.dotdigital.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com https://www.google.com *.google.com *.paypal.com vimeo.com *.klaviyo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com https://*.zip.co www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.dwin1.com https://cdn.noibu.com https://cdn.chatbot.com https://acsbapp.com https://cdn.jsdelivr.net https://cdn.jst.ai https://aly.jst.ai https://my.jst.ai https://recommend.jst.ai https://cdnjs.cloudflare.com *.cardinalcommerce.com *.google.com *.paypal.com *.dotdigital-pages.com *.braintreegateway.com *.trackedweb.net *.trackedlink.net *.optimizely.com *.segment.com *.segment.io *.facebook.net *.google-analytics.com *.fullstory.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com https://*.zip.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.jst.ai *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cdn.acsbapp.com https://cdn.chatbot.com https://aly.jst.ai https://my.jst.ai https://stats.g.doubleclick.net https://recommend.jst.ai https://cdnjs.cloudflare.com https://bt.signifyd.com https://input.noibu.com *.google.com *.paypal.com *.cardinalcommerce.com *.trackedweb.net *.trackedlink.net *.dotdigital-pages.com *.braintreegateway.com *.braintree-api.com *.optimizely.com *.segment.com *.google-analytics.com *.fullstory.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.quadpay.com https://*.zip.co api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: in.treasuredata.com *.gstatic.com *.facebook.net *.adsrvr.org s.yimg.com *.doubleclick.net *.tiktok.com analytics.google.com www.googletagmanager.com *.clarity.ms *.mimecast.com trk.clinch.co cdn.treasuredata.com *.facebook.com cdn.krxd.net sp.analytics.yahoo.com beacon.krxd.net www.google.com.ar *.windows.net *.onetrust.com *.googleapis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-JZHd3oJ5fuTDiaDN59MjJg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: *.flixfacts.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.twitter.com *.doubleclick.net *.hotjar.com *.facebook.com *.flixcar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.ca *.doubleclick.net *.multiluminaire.ca *.facebook.com *.flix360.com *.flixcar.com *.flix360.io *.flixfacts.io *.flixfacts.com *.flixcar.io *.intuit.com *.mcusercontent.com *.privacy-center.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.doubleclick.net *.googletagmanager.com trackcmp.net *.google.com *.facebook.net *.hotjar.com *.flixcar.com *.flix360.io *.flixfacts.com *.flixgvid.com *.newrelic.com *.privacy-center.org *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com downloads.mailchimp.com https://static.klaviyo.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.flixcar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.twitter.com *.twimg.com *.hotjar.com *.hotjar.io *.google.com *.nr-data.net *.doubleclick.net *.klaviyo.com *.privacy-center.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com data: *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.wistia.net *.wistia.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com tracking.monsido.com *.wistia.net *.wistia.com https://img.youtube.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com *.sketchfab.com s7.addthis.com app-script.monsido.com *.wistia.net *.wistia.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.wistia.net *.wistia.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.net *.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.wistia.net *.wistia.com 'self' 'unsafe-inline'; 1 default-src https:; script-src 'self' blob: catalyst-analytics.net stats.catalyst-au.net cdnjs.cloudflare.com *.youtube.com *.twitter.com *.twimg.com *.ytimg.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net h5p.org *.wikipedia.org 'unsafe-inline' 'unsafe-eval'; font-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: *.yimg.com *.twimg.com *.navy.gov.au *.army.gov.au amc.edu.au gfs.org.au abc.net.au catalyst-analytics.net; report-uri https://www.adele.edu.au/local/csp/collector.php?uid=0&cid=1 1 font-src *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com store.paradoxlabs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.authorize.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'self' https://*.cloud.infor.com 1 base-uri 'self'; default-src 'self'; connect-src 'self' https://track.connect.bcg.com https://heapanalytics.com https://session-replay.browser-intake-datadoghq.com https://*.logs.datadoghq.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self' https://*.bcg.com https://*.keysuite.com https://*.gamma-platform.com; frame-src 'self' https://*.bcg.com https://bcg01.egnyte.com https://www.113.vovici.net https://players.brightcove.net https://player.vimeo.com https://*.youtube.com https://*.trustarc.com https://bcgcloud.sharepoint.com; img-src 'self' https://track.connect.bcg.com https://heapanalytics.com https://*.trustarc.com blob: data:; media-src 'self' https://vod-progressive.akamaized.net https://player.vimeo.com https://brightcove.hs.llnwd.net https://*.media.brightcove.com https://*.bcg.com; script-src 'self' https://track.connect.bcg.com https://cdn.heapanalytics.com https://*.trustarc.com https://www.datadoghq-browser-agent.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self' blob:; upgrade-insecure-requests 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com 02p-sitehoregional-c-p01.azurewebsites.net *.doubleclick.net api.davivienda.com.hn *.googleapis.com asistentevirtual.davivienda.com.hn davivienda-resources.s3.amazonaws.com www.google.com www.googletagmanager.com www.google.hn ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.googleadservices.com https://www.googleoptimize.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://munchkin.marketo.net https://script.crazyegg.com https://snap.licdn.com https://bat.bing.com https://googleads.g.doubleclick.net https://trk.techtarget.com https://tag.marinsm.com https://komito.net https://pixel-geo.prfct.co https://www.clarity.ms https://b2btagmgr.azalead.com https://*.adroll.com https://app-lon05.marketo.com https://static.addtoany.com; script-src-attr 'self'; script-src-elem 'self' https://www.googletagmanager.com 'sha256-FpNA5qjKVUpZDhy5Gnq9feQZbD33N+EF38yukPxoGas=' 'sha256-As6F+kKnguakKZJhou419i5+OTBMkVhEedCIew0+w6M=' 'sha256-0QANSs7BsNN1shZdeRMPb5HoBlkYS6c9i74X2YRSYvE=' 'sha256-e5l0JnipN+mfcgkwcsxv9nviFTygz9kKxVMGCxUA94s=' 'sha256-5TSo/ossgUVqQiI/8fxPSw8wJ57QLsfqde7c7J6Nw/c=' 'sha256-STi4MOt6ijkbM+hg8YAEqROyVsP46zQWoIrrnxe9Wco=' https://www.googleadservices.com https://www.googleoptimize.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://munchkin.marketo.net https://view.ceros.com https://player.vimeo.com https://script.crazyegg.com https://snap.licdn.com https://m.addthis.com https://z.moatads.com https://v1.addthisedge.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' https://bat.bing.com https://googleads.g.doubleclick.net https://trk.techtarget.com https://tag.marinsm.com https://komito.net https://pixel-geo.prfct.co https://www.clarity.ms https://b2btagmgr.azalead.com https://*.adroll.com https://bam.nr-data.net https://js-agent.newrelic.com 'sha256-De2mpaFLR0YDSf4Kwof2qARuqqxurfOvrVuX1nl4SGc=' https://app-lon05.marketo.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://app-lon05.marketo.com https://cookie-cdn.cookiepro.com https://www.googletagmanager.com https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1 default-src 'self' https://*.wistia.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mxpnl.com js.arcgis.com maps.googleapis.com www.google.com/jsapi www.google-analytics.com https://*.wistia.com https://*.wistia.net https://src.litix.io d3hp7afai0nikn.cloudfront.net/v658764/; connect-src 'self' maps.googleapis.com api-js.mixpanel.com arcgis.com www.arcgis.com js.arcgis.com www.js.arcgis.com cdn.arcgis.com static.arcgis.com basemaps.arcgis.com basemaps-api.arcgis.com www.google-analytics.com stats.g.doubleclick.net https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.litix.io; font-src 'self' data: fonts.gstatic.com js.arcgis.com https://*.wistia.com d3hp7afai0nikn.cloudfront.net/v658764/; frame-src 'self' https://fast.wistia.com https://fast.wistia.net; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com js.arcgis.com fast.wistia.com d3hp7afai0nikn.cloudfront.net/v658764/; worker-src 'self' blob:; media-src 'self' blob data: orgwiki-app-files-prod.s3.amazonaws.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; img-src 'self' data: blob: cdn.arcgis.com *.licdn.com *.googleusercontent.com maps.gstatic.com *.twimg.com/profile_images/ www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net d3hp7afai0nikn.cloudfront.net/v658764/; report-uri /csp-report; 1 default-src https: blob: wss://*.zopim.com 'unsafe-inline' 'unsafe-eval' wss://*.travelmoneyoz.com:*; frame-ancestors *.calypso.net.au *.travelmoneyoz.com; report-uri /api/csp_report; img-src https: blob: data:; font-src https: blob: data:; 1 font-src s3-eu-west-1.amazonaws.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com account.fetchify.com *.facebook.net *.pinterest.com *.global-e.com https://plumrocket.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.facebook.net *.pinterest.com *.bing.com *.global-e.com *.google.co.uk *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com *.facebook.com *.facebook.net *.rakuten.com *.pinimg.com *.bglobale.com *.bing.com *.global-e.com *.clarity.ms *.klarnacdn.net s7.addthis.com *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googleapis.com *.google.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com webappanalyzer.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.bglobale.com *.global-e.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.global-e.com *.clarity.ms stats.g.doubleclick.net *.pinterest.com ekr.zdassets.com/ *.klarnaevt.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com webappanalyzer.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-xxqSxUb3URt_8podWudDFw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; base-uri 'self'; connect-src 'self' bam.nr-data.net sentry.io *.freshworksapi.com wss://*.freshworksapi.com www.google-analytics.com heapanalytics.com www.in-freshbots.ai *.pusher.com; font-src 'self' d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d28y7gk8dndm8e.cloudfront.net data: fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com heapanalytics.com; frame-src 'self' *.webpush.freshchat.com *.freshreports.com wchat.freshchat.com *.freshid.io *.freshworks360.io *.chargebee.com *.myfreshworks.dev *.freshworksweb.com freshdesk.com *.freshworks.com *.int.myfreshworks.dev; img-src https: data: blob: heapanalytics.com; manifest-src 'self'; media-src 'self' https:; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' accounts.freshworks.com bam.nr-data.net d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d28y7gk8dndm8e.cloudfront.net js-agent.newrelic.com polyfill.io wchat.freshchat.com sentry.io js.chargebee.com www.google-analytics.com *.freshworksapi.com heapanalytics.com *.heapanalytics.com fonts.googleapis.com cdn.in-freshbots.ai stats.pusher.com cdn.inlinemanual.com fe-perf-assets.freshworks.com 'unsafe-inline'; style-src 'report-sample' 'self' 'unsafe-inline' accounts.freshworks.com d2r0bfj5oxwi8g.cloudfront.net d3t6wcud4kij68.cloudfront.net d28y7gk8dndm8e.cloudfront.net wchat.freshchat.com fonts.googleapis.com cdn.in-freshbots.ai heapanalytics.com; worker-src 'self'; report-uri https://vfm4r1o44m.execute-api.us-east-1.amazonaws.com/default/FreshreleaseCSPReport 1 font-src maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ account.fetchify.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca *.bird.eu maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com unpkg.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca *.googleapis.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src localhost:8080 fonts.googleapis.com fonts.gstatic.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.google.com/ *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.analytics.google.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com 'self' blob: data localhost:8080 *.cookiebot.com www.logistiekconcurrent.nl bat.bing.com integrations.etrusted.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn-4.convertexperiments.com localhost:8080 bat.bing.com *.cookiebot.com widgets.trustedshops.com cdnjs.cloudflare.com www.googleoptimize.com *.hotjar.com *.appspot.com *.convertexperiments.com *.leadinfo.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.shoppingminds.net *.shoppingminds.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.avada.io *.google.com/ *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com localhost:8080 fonts.googleapis.com *.appspot.com integrations.etrusted.com 'self' blob: data *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.multisafepay.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com cdn-4.convertexperiments.com localhost:8080 *.hotjar.io bat.bing.com ws: *.google.com *.leadinfo.net *.appspot.com *.cookiebot.com *.convertexperiments.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.shoppingminds.net *.shoppingminds.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://get.geojs.io *.avada.io *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://cdnjs.cloudflare.com *.googleapis.com use.typekit.net use.fontawesome.com *.reamaze.com yotpo-stool.s3.amazonaws.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com core.spreedly.com *.facebook.com *.yotpo.com swellrewards.com *.swellrewards.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com core.spreedly.com *.rfihub.com *.facebook.com live.rezync.com hallsandbox-reservations.vintegrate.com hall-reservations.vintegrate.com kazzit.com player.cnbc.com player.ooyala.com *.paperturn-view.com amc.demdex.net *.eventbee.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.yotpo.com swellrewards.com *.swellrewards.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.googleapis.com *.google.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.waltwines.com *.hallwines.com *.bacawines.com cdn.reamaze.com reamaze-prod.s3.amazonaws.com i1.wp.com data.coremetrics.com tools.luckyorange.com *.pages05.net *.bing.com t.co analytics.twitter.com *.clarity.ms *.facebook.com connect.facebook.net *.googletagmanager.com *.doubleclick.net *.adsrvr.org shareasale-analytics.com shareasale.com secure.gravatar.com *.cloudfront.net *.monetate.net px.adentifi.com *.ads.linkedin.com *.linkedin.com linkedin.com forms.hsforms.com track.hubspot.com *.hubspotusercontent-na1.net *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.yotpo.com swellrewards.com *.swellrewards.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.commerce7.com https://cdn.commerce7.com/v2/manifest.d29b1967fa6a16696049.js.gz https://cdn.commerce7.com/v2/vendor.84cd85564b7f2f406b66.js.gz https://cdn.commerce7.com/v2/bundle.8cf96308b65ac6590a85.js.gz core.spreedly.com *.subscribepro.com tools.luckyorange.com *.pages05.net *.nagich.com *.reamaze.com *.rfihub.net *.serving-sys.com *.cloudfront.net *.cloudflare.com bat.bing.com connect.facebook.net *.clarity.ms commercelibs.ibm.com *.brilliantcollector.com static.ads-twitter.com *.googleapis.com hall-reservations-frame.vintegrate.com *.steelhousemedia.com *.paperturn-view.com player.ooyala.com embed.typeform.com bam.nr-data.net *.monetate.net *.dwin1.com *.eventbee.com js.hsadspixel.net snap.licdn.com shareasale-analytics.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net *.useinsider.com *.commerce7.com player.vimeo.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.clickcease.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.yotpo.com swellrewards.com *.swellrewards.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.subscribepro.com cloud.typography.com tools.luckyorange.com hello.myfonts.net *.nagich.com *.typekit.net cdn.reamaze.com *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.cloudflare.com embed.typeform.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.reamaze.com 'self' 'unsafe-inline'; manifest-src *.useinsider.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://api.commerce7.com https://portal.claritysystemsinc.com *.subscribepro.com core.spreedly.com *.luckyorange.com wss://*.luckyorange.com *.nagich.com cdn.reamaze.com *.reamaze.io wss://ws.reamaze.com hallwines.reamaze.io *.serving-sys.com am.freshrelevance.com/ wss://am.freshrelevance.com/ *.dycdn.net wss://in.visitors.live in.visitors.live *.brilliantcollector.com *.clarity.ms *.bing.com *.analytics.google.com *.cloudfront.net *.doubleclick.net bam.nr-data.net cdn.linkedin.oribi.io facebook.com *.facebook.com forms.hubspot.com forms.hscollectedforms.net *.useinsider.com *.commerce7.com api.hubapi.com px.ads.linkedin.com hallwines.api.useinsider.com waltwines.api.useinsider.com bacawines.api.useinsider.com *.claritysystemsinc.com *.waltwines.com *.hallwines.com *.bacawines.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.yotpo.com swellrewards.com *.swellrewards.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://cdn.checkout.com egoi.page egoi.site www.istore.pt www.istore-qa.toogas.com *.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdnjs.cloudflare.com *.swogo.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com bam.nr-data.net bam-cell.nr-data.net googletagmanager.com facebook.com *.jotfor.ms *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://js.checkout.com *.klarna.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com egoi.page https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.facebook.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.doubleclick.net *.nr-data.net bam-cell.nr-data.net *.genial.ly *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com egoimmerce.e-goi.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com vimeo.com www.google.com www.google.pt www.facebook.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.e-goi.com *.swogo.net *.googleapis.com *.gstatic.com *.jotfor.ms *.jotform.com https://qldecommerce.cetelem.pt/ecomapi/assets/logo.png *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com e-goi.com cdn-te.e-goi.com egoi.site http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net www.googletagmanager.com www.google.com www.google.pt googleads.g.doubleclick.net static-tracking.klaviyo.com static-forms.klaviyo.com cdn.usehero.com api.usehero.com cdn.inspectlet.com www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.egoiapp2.com *.e-goi.com *.klarnaservices.com *.hotjar.com https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.esm.browser.min.js *.googleapis.com *.cookiefirst.com *.gstatic.com *.swogo.net *.hotjar.io *.googlesyndication.com *.jotfor.ms *.jotform.com *.jquery.com *.cloudflare.com https://qldecommerce.cetelem.pt/ecomapi/partner-checkout-element.js https://qldecommerce.cetelem.pt/ecomapi/partner-checkout-client-es5-gen.js *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.trusted.com https://cdn.checkout.com cdn.dnky.co webchat.dotdigital.com egoiapp2.com unsafe-inline *.doubleclick.net vimeo.com *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css *.cookiefirst.com cdnjs.cloudflare.com *.jotfor.ms *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://js.checkout.com *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com vimeo.com hn.inspectlet.com *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com googleads.g.doubleclick.net stats.g.doubleclick.net static-forms.klaviyo.com cdn.usehero.com api.usehero.com telemetrics.klaviyo.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net *.egoiapp.com egoiapp2.com *.analytics.google.com www.facebook.com *.googleapis.com *.cookiefirst.com *.gstatic.com *.swogo.net *.hotjar.io www.google.pt www.google.com google-analytics.com *.googlesyndication.com https://qldecommerce.cetelem.pt/ecommerce/v1.0/content/webcontent https://qld-api.bnpparibas-pf.pt/ecommerce/pricing https://qld-api.bnpparibas-pf.pt/ecommerce/content *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.vimeocdn.com www.istore.pt www.istore-qa.toogas.com *.newrelic.com *.nr-data.net bam-cell.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.istore.pt/csp/report; report-to report-endpoint; 1 script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1 font-src *.cloudflare.com https://fonts.gstatic.com/ https://staticw2.yotpo.com/ *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://klear.com https://s7.addthis.com/ https://www.google.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://8985111.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.youtube.com/ https://www.facebook.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://*.googletagmanager.com https://*.teads.tv/ https://www.facebook.com/ *.klaviyo.com *.cloudfront.net *.cloudflare.com https://cdn.klarna.com *.paypal.com https://www.janmarini.com https://p.yotpo.com/ https://cdn-yotpo-images-production.yotpo.com/ blob: https://www.google.com *.doubleclick.net *.cdninstagram.com https://s.ytimg.com *.usercentrics.eu img.icons8.com cfvod.kaltura.com staticw2.yotpo.com maps.googleapis.com maps.gstatic.com meetanshi.com *.kickfire.com https://www.rumiview.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.fbcdn.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com https://f.vimeocdn.com/ www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://klear.com https://*.tiktok.com/ *.cloudflare.com *.demandbase.com *.kickfire.com *.klaviyo.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.gstatic.com/ maps.googleapis.com https://www.googleapis.com/ https://connect.facebook.net/ https://cmp.osano.com/ https://cdn.jsdelivr.net/ https://stackpath.bootstrapcdn.com/ https://staticw2.yotpo.com/ *.trustedshops.com *.usercentrics.eu https://s7.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://code.jquery.com/ https://vimeo.com/ https://cdnapisec.kaltura.com/ https://assets.adobedtm.com/ https://www.rumiview.com/ https://i.simpli.fi/ https://tag.simpli.fi/ https://www.dialogtech.com/ https://*.teads.tv/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com js.authorize.net jstest.authorize.net ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klaviyo.com *.cloudflare.com *.typekit.net https://fonts.googleapis.com/ https://staticw2.yotpo.com/ *.trustedshops.com *.usercentrics.eu https://code.jquery.com/ https://cdn.jsdelivr.net/ https://static.klaviyo.com *.fontawesome.com unsafe-inline fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.tiktok.com/ https://klear.com https://*.teads.tv/ https://*.rumiview.com/ *.klaviyo.com *.doubleclick.net *.cloudflare.com https://w2.yotpo.com https://staticw2.yotpo.com/ https://*.instagram.com/ https://tattle.api.osano.com/ *.paypal.com https://app.proofo.io/ https://api.yotpo.com/ https://dpm.demdex.net/ https://www.google-analytics.com/ https://analytics.google.com/ https://bt.signifyd.com:11103/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com apitest.authorize.net jstest.authorize.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.gstatic.com *.iconscout.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com/ secure.authorize.net test.authorize.net www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com https://vars.hotjar.com/ *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.cloudflare.com https://stats.g.doubleclick.net/ *.cloudfront.net s.ytimg.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.yotpo.com *.facebook.com *.linkedin.com t.co *.google.com *.google.co.za *.adsymptotic.com *.adroll.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.twitter.com secure.authorize.net test.authorize.net js.braintreegateway.com *.cardinalcommerce.com video.google.com *.payments-amazon.com *.payments-amazon.de *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.yotpo.com https://www.gstatic.com/ *.paypal.com www.youtube.com sibforms.com *.addtoany.com *.googleoptimize.com static.zdassets.com *.hotjar.com *.roomvo.com *.trustpilot.com connect.facebook.net snap.licdn.com static.ads-twitter.com *.adroll.com d.adroll.mgr.consensu.org https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.iconscout.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com sibforms.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.cloudflare.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com *.zdassets.com *.zendesk.com roomvo.com wss://widget-mediator.zopim.com/ *.google-analytics.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.klarnacdn.net *.cloudfront.net *.klarna.com *.zdassets.com *.mekster.se *.mekster.no *.firebase.com *.zendesk.com *.gstatic.com *.googleapis.com *.tryggehandel.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mekster.se *.mekster.no *.facebook.com *.google.com *.trackedweb.net *.criteo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.mekster.se *.mekster.no *.facebook.com *.google.com *.castrol.com *.lubricantadvisor.com *.mobil1.se *.zendesk.com *.thule.com *.criteo.com *.criteo.net *.mpmoil.se 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mekster.se *.mekster.no *.bing.com *.doubleclick.net *.facebook.com *.google.com *.google.co.in *.ytimg.com *.gstatic.com *.redchamps.com *.cloudfront.net *.firebase.com *.zendesk.com *.googletagmanager.com *.facebook.net google-analytics.com *.googleapis.com *.tryggehandel.net cdn.cookielaw.org *.criteo.net *.criteo.com *.google.se *.google.no *.google.pl https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.mekster.se *.mekster.no *.bing.com *.google.com *.gstatic.com *.adtraction.com *.adnxs.com *.googletagmanager.com *.facebook.net *.googleapis.com *.firebase.com *.zdassets.com *.zopim.com *.cloudfront.net *.zendesk.com *.criteo.net *.criteo.com *.dotdigital.com *.swagger.com *.doubleclick.net code.jquery.com tagmanager.google.com *.google-analytics.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.tryggehandel.net *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.mekster.se *.mekster.no *.cloudfront.net *.klarna.com *.zdassets.com *.firebase.com *.zendesk.com tagmanager.google.com *.googleapis.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src *.mekster.se *.mekster.no *.cloudfront.net *.zendesk.com 'self' 'unsafe-inline'; media-src *.adobe.com *.mekster.se *.mekster.no *.klarna.com *.cloudfront.net *.zendesk.com *.zdassets.com *.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.mekster.se *.mekster.no *.facebook.com *.google.com *.doubleclick.net *.zopim.com *.zdassets.com *.zendesk.com *.cloudfront.net *.youtube.com *.firebase.com *.googletagmanager.com cdn.cookielaw.org *.onetrust.com insights.algolia.io *.clarity.ms *.google-analytics.com *.criteo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.ie ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.ie *.spreadshirt.ie ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.ie ; font-src 'self' https: data: *.spreadshirt.ie ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.ie ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.ie ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 font-src cdn.jsdelivr.net fonts.gstatic.com https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com *.typekit.net dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr maps.googleapis.com maps.gstatic.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.avada.io maps.googleapis.com www.gstatic.com www.google.com https://cdnjs.cloudflare.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com downloads.mailchimp.com https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.typekit.net dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es https://nominatim.openstreetmap.org https://get.geojs.io *.avada.io maps.googleapis.com *.yotpo.com ws: * dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 block-all-mixed-content 1 default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/reportOnly; 1 object-src 'none';base-uri 'self';script-src 'nonce-tIccyzFfKf-pTJXglqZEow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net *.salesforceliveagent.com cdn.cookielaw.org *.everesttech.net *.onetrust.com assets.adobedtm.com assets.taconic.com *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com *.bambee.com bambee.com *.gusto.com gusto.com *.dripos.com dripos.com *.enkempass.com enkempass.com *.miter.com miter.com *.eddy.com eddy.com *.housecallpro.com housecallpro.com *.monograph.com monograph.com *.joinwarp.com joinwarp.com *.central.inc central.inc *.7shifts.com 7shifts.com *.belfrysoftware.com belfrysoftware.com *.plane.com plane.com *.checkhq.com checkhq.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/reportOnly 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu maps.gstatic.com maps.googleapis.com cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com maps.googleapis.com https://cdnjs.cloudflare.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com maps.googleapis.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com www.google.com www.google.co.in www.facebook.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.texmetals.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net stats.g.doubleclick.net d.adroll.com pixel.advertising.com pixel.rubiconproject.com simage2.pubmatic.com dsum-sec.casalemedia.com ads.yahoo.com eb2.3lift.com sync.outbrain.com trc.taboola.com x.bidswitch.net/sync ib.adnxs.com idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com segments.company-target.com sync.tidaltv.com img.riskified.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com connect.facebook.net *.paypalobjects.com *.googletagmanager.com s.adroll.com d.adroll.com d.adroll.mgr.consensu.org *.bootstrapcdn.com cdn.socket.io beacon.riskified.com mouseflow.com cdn.mouseflow.com widget.nfusionsolutions.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' style *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.google-analytics.com *.facebook.com websocket.texmetals.com wss://websocket.texmetals.com ws-so-staging.texmetals.com wss://ws-so-staging.texmetals.com *.riskified.com *.mouseflow.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri {{baseUrl}}; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gbgplc.com *.gstatic.com *.linkedin.com prompts.maze.co *.facebook.net services.postcodeanywhere.co.uk *.hubspot.com scout.us4.salesloft.com snippet.maze.co cdnjs.cloudflare.com www.google.co.uk *.onetrust.com www.google.com *.wistia.com unpkg.com ipv6.6sc.co b.6sc.co c.6sc.co j.6sc.co appapi.loqate.com *.azure.com www.googletagmanager.com *.hotjar.com monitor.clickcease.com *.facebook.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-w4kluKetKgbwbI23lFjt5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-fk4mZJ0Qs0-NOO4wu1Y6Mw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri https://cspevents.azurewebsites.net/api/collect;default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.scope.ne.jp *.pay.jp stscopestatics001.blob.core.windows.net scope-files.s3.amazonaws.com *.rakuten.co.jp ui.customsearch.ai hosteduxprod.blob.core.windows.net cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com analytics.google.com *.analytics.google.com www.google.co.jp func-bbs-scope-stage-japaneast.azurewebsites.net func-bbs-scope-prod-japaneast.azurewebsites.net *.youtube.com yt.ggpht.com *.gstatic.com i.ytimg.com static.doubleclick.net stats.g.doubleclick.net www.facebook.com connect.facebook.net player.vimeo.com td.doubleclick.net js-agent.newrelic.com bam.nr-data.net 1 object-src 'none';base-uri 'self';script-src 'nonce-Te9ojZpNLI10flbf5xatAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 img-src https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://higherlogicstream.s3.amazonaws.com/AUVSI/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AUVSI/ https://higherlogicdownload.s3.amazonaws.com/AUVSI/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AUVSI/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 font-src fonts.googleapis.com fonts.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.devdomain.io *.sessioncam.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdnjs.cloudflare.com services.postcodeanywhere.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://meetanshi.com/media/logo.png *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.feefo.com *.gstatic.com 'self' data: *.bakerdays.com *.bing.com *.t.co *.sessioncam.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.pcapredict.com services.postcodeanywhere.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com *.feefo.com *.pinimg.com *.ads-twitter.com *.twitter.com *.cloudfront.net *.sessioncam.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com services.postcodeanywhere.co.uk https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com services.postcodeanywhere.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.doubleclick.net *.feefo.com https://www.google-analytics.com *.sessioncam.com www.googleapis.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.co.uk *.stagescycling.com *.bugherd.com *.cloudflare.com data: *.google.co.uk *.google.com google.com *.googleusercontent.com *.facebook.net *.braintree-api.com *.braintreegateway.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.icomoon.io *.reviews.io www.googletagmanager.com googletagmanager.com tagmanager.google.com *.pinterest.com *.pinimg.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.cybersource.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.reviews.io *.reviews.co.uk *.affirm.com *.bluesnap.com *.braintree-api.com *.braintreegateway.com data: *.facebook.net *.klarnaevt.com *.klarnacdn.net *.klarna.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.postaffiliatepro.com *.sharethis.com *.sleeknote.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com *.pinterest.com *.pinimg.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com *.doubleclick.net *.facebook.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.mention-me.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.reviews.co.uk *.stagescycling.com *.acsbapp.com acsbapp.com *.accessibe.com *.bluesnap.com *.cloudflare.com *.google.co.uk google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.googlesyndication.com *.facebook.net data: *.reviews.io *.braintreegateway.com *.kaptcha.com *.paypalobjects.com *.braintree-api.com *.geoplugin.net *.tagserve.com *.klarnaevt.com *.klarnacdn.net *.klarna.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.bugherd.com *.zenaps.com *.hotjar.com *.arcot.com *.pinterest.com *.pinimg.com *.sleeknote.com *.trackjs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ flagpedia.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.reviews.co.uk *.stagescycling.com *.acsbapp.com acsbapp.com *.accessibe.com *.bluesnap.com *.cloudflare.com *.google.co.uk google.com *.googleusercontent.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.ytimg.com *.paypalobjects.com blob: *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.online-metrix.net *.payments-amazon.com *.reviews.io *.geoplugin.net *.tagserve.com *.klarnaevt.com *.klarnacdn.net *.klarna.com googletagmanager.com tagmanager.google.com *.sleeknote.com *.bing.com *.awin.com *.awin1.com *.dwin1.com *.magentocommerce.com *.zenaps.com *.trackjs.com *.hotjar.com *.arcot.com *.pinterest.com *.pinimg.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com *.mention-me.com maps.googleapis.com *.cardinalcommerce.com h.online-metrix.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.reviews.io *.reviews.co.uk *.stagescycling.com *.avmws.com *.cloudflare.com *.cloudflareinsights.com *.clarity.ms *.google.co.uk google.com 'unsafe-eval' *.googleadservices.com *.googlesyndication.com *.googletagservices.com googletagmanager.com tagmanager.google.com *.trackedlink.net *.trackedweb.net *.bluesnap.com *.braintree-api.com *.braintreegateway.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klaviyo.com *.paypalobjects.com data: *.pcapredict.com *.postaffiliatepro.com *.postcodeanywhere.co.uk *.pinterest.com *.pinimg.com *.segment.com *.sleeknote.com *.trackjs.com *.xtento.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com *.termly.io ajax.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline *.cloudfront.net *.reviews.co.uk *.stagescycling.com *.affirm.com *.cloudflare.com *.google.co.uk *.google.com google.com *.googleusercontent.com *.googlesyndication.com *.facebook.net data: 'unsafe-inline' *.icomoon.io *.paypal.com *.reviews.io *.braintree-api.com *.braintreegateway.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klaviyo.com *.pinterest.com *.pinimg.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.sleeknote.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.acsbapp.com acsbapp.com *.accessibe.com 'self' 'unsafe-inline'; object-src *.stagescycling.com *.cloudflare.com *.google.co.uk *.google.com google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.arcot.com *.pinterest.com *.pinimg.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.mention-me.com www.gstatic.com maps.googleapis.com *.cardinalcommerce.com h.online-metrix.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.stagescycling.com *.acsbapp.com acsbapp.com *.accessibe.com *.bing.com *.bluesnap.com *.bugherd.com *.bugsnag.com *.clarity.ms *.cloudflare.com data: *.google.co.uk google.com *.gstatic.com *.googleusercontent.com *.googlesyndication.com googletagmanager.com tagmanager.google.com about: *.doubleclick.net *.braintreegateway.com *.klaviyo.com *.postaffiliatepro.com *.pusherapp.com api.segment.io *.segment.com *.segment.io *.sleeknote.com *.trackjs.com *.rollbar.com *.sciencebehindecommerce.com *.dwin1.com *.awin1.com *.zenaps.com *.googleadservices.com *.pinterest.com *.pinimg.com *.termly.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.stagescycling.com *.cloudflare.com *.youtube.com *.google.co.uk *.google.com google.com *.gstatic.com *.googleapis.com *.googleusercontent.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com googletagmanager.com tagmanager.google.com data: blob: *.arcot.com *.pinterest.com *.pinimg.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://stagescycling.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self'; img-src 'self' data: 'unsafe-eval' https://cdn.rand.com https://s1749.t.eloqua.com https://cihost.uberflip.com https://dpm.demdex.net https://idsync.rlcdn.com https://sync.crwdcntrl.net https://match.adsrvr.org https://ps.eyeota.net https://px.ads.linkedin.com https://b.6sc.co https://ml314.com https://chatserver12.comm100.io https://www.google.com https://www.google.ca https://www.google-analytics.com https://insights.sitesearch360.com https://content.cdntwrk.com https://i.ytimg.com https://app.cdntwrk.com https://blogs.rand.com https://vue.comm100.com https://www.googletagmanager.com https://bat.bing.com https://tags.bluekai.com https://cm.g.doubleclick.net https://ws.rqtrk.eu https://pippio.com https://pixel.tapad.com https://dmp.adform.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://googleads.g.doubleclick.net https://ajax.aspnetcdn.com https://img.en25.com/i/elqCfg.min.js https://img.en25.com/i/elqCfg.min.js https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.sitesearch360.com/ https://j.6sc.co/6si.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://vue.comm100.com https://ml314.com https://415621.tctm.xyz/t.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://content.cdntwrk.com; connect-src 'self' https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co https://stats.g.doubleclick.net https://chatserver12.comm100.io https://cdn.linkedin.oribi.io https://analytics.google.com https://epsilon.6sense.com https://insights.sitesearch360.com ; font-src 'self' data: https://fonts.gstatic.com https://vue.comm100.com; frame-src 'self' https://www.youtube-nocookie.com https://www.google.com; 1 default-src 'self' fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.googletagmanager.com mc.yandex.ru *.google-analytics.com *.youtube.com mc.yandex.com mc.yandex.ru *.google.com *.gstatic.com *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com;img-src * data:;font-src 'self' fonts.gstatic.com;connect-src 'self' mc.yandex.ru *.analytics.google.com *.google-analytics.com doubleclick.net *.googletagmanager.com mc.yandex.com mc.yandex.ru mc.yandex.md yandexmetrica.com *.mightytips.com https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com https://analytics.google.com;frame-src 'self' *.youtube.com *.instagram.com *.twitter.com *.yandex.com *.google.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com 'self' https://newassets.hcaptcha.com;;script-src-elem 'self' 'unsafe-inline' *.instagram.com *.googletagmanager.com *.yandex.ru *.google-analytics.com *.twitter.com *.youtube.com mc.yandex.com *.google.com *.gstatic.com mc.yandex.ru *.mightytips.com my.rtmark.net *.hybrid.ai https://*.g.doubleclick.net ctrack.trafficjunky.net geo-tracker.smadex.com track.trackingtraffo.com https://www.hcaptcha.com/1/api.js;frame-ancestors 'self'; report-uri /cspreport.php 1 font-src https://js.klevu.com *.googleapis.com *.hotjar.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com account.fetchify.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.hotjar.com https://9957200.fls.doubleclick.net https://danv01ao0kdr2.cloudfront.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io *.braintreegateway.com *.klarna.com https://accounts.google.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.incontinencechoice.co.uk https://prod.choiceadmin.co.uk https://staging.choiceadmin.co.uk https://admin.vivactive.com https://trk.ometria.com *.brandlock.io https://www.google.com https://bat.bing.com https://pixel.quantserve.com https://www.facebook.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://s3-eu-west-1.amazonaws.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn.ometria.com *.hotjar.com https://polyfill.io https://js.klevu.com/ https://bat.bing.com https://secure.quantserve.com https://www.gstatic.com https://connect.facebook.net https://dj3zaulksz6yg.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://songbirdstag.cardinalcommerce.com https://www.googleoptimize.com https://cdn.oribi.io https://app.factors.ai https://rules.quantcount.com https://googleads.g.doubleclick.net https://www.clarity.ms *.googleapis.com https://www.googletagmanager.com/gtag/js *.klarna.com *.klarnacdn.net https://accounts.google.com https://tag.rmp.rakuten.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net js.klevu.com *.ksearchnet.com *.mention-me.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.hotjar.com https://accounts.google.com https://www.gstatic.com dhv2ziothpgrr.cloudfront.net *.klevu.com *.ksearchnet.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com/ https://danv01ao0kdr2.cloudfront.net *.brandlock.io https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com *.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://geolocation.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com https://api.factors.ai https://b.clarity.ms *.googleapis.com *.klarnaevt.com https://accounts.google.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com *.klevu.com *.ksearchnet.com *.mention-me.com *.ometria.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.stripe.com *.google.com *.sagepay.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com *.doofinber.com *.typekit.net *.twimg.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.sagepay.com *.nosto.com *.nos.to *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.stripe.com *.google.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to *.twitter.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.rvvuptech.com *.clearpay.co.uk *.sandbox.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com https://images.unsplash.com *.nosto.com *.nos.to *.mad4tools.com *.mad4tools.test *.cloudflare.com *.googleadservices.com *.google-analytics.com *.google.co.uk *.twitter.com t.co *.twimg.com *.ytimg.com *.usercentrics.eu *.particularaudience.com *.bing.com *.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.afterpay.com *.sandbox.paypal.com *.stats.paypal.com ts.tradetracker.net www.magmodules.eu *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.stripe.com *.google.com *.sagepay.com *.nosto.com *.nos.to *.mad4tools.com *.mad4tools.test *.trustpilot.com *.cloudflare.com *.twitter.com *.ads-twitter.com *.facebook.com *.gstatic.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.doofinber.com *.bing.com *.clarity.ms *.twimg.com *.fontawesome.com *.particularaudience.com static.zdassets.com assets.zendesk.com mad4tools.zdassets.com *.paypal.com *.paypalobjects.com *.cloudiq.com *.pinimg.com *.attn.tv js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.afterpay.com *.sandbox.paypal.com tm.tradetracker.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.stripe.com *.google.com *.sagepay.com cc-cdn.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to *.mad4tools.com *.mad4tools.test *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.particularaudience.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.stripe.com *.google.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to *.cloudflare.com *.twitter.com *.twimg.com *.particularaudience.com *.pinterest.com *.attentivemobile.com *.attn.tv *.zdassets.com *.zendesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.sandbox.paypal.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; connect-src 'self' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; base-uri 'self'; form-action 'self'; img-src 'self' data: upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; script-src 'self' 'unsafe-inline' upload.bazar.at asset.bazar.at static.kurier.at *.googletagservices.com *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.google.at *.google.de *.google.sk *.privacy-center.org *.hotjar.com *.doubleclick.net *.openstreetmap.fr *.addthis.com cdn.ampproject.org; 1 script-src 'self' 'unsafe-eval' https://cdn.cookielaw.org mdbootstrap.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://stats.webleads-tracker.com https://get.smart-data-systems.com https://s.yimg.com https://connect.facebook.net https://bat.bing.com https://sp.analytics.yahoo.com https://eqy.link https://secure.wait8hurl.com https://cdn.cookielaw.org https://www.googleadservices.com mdbootstrap.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-PD_rttiMb-1d7jQzJFgFMw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aA2CrVPWb6OMK0gNa5PA8w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-822Brd-wA-4myj_gSOlsbQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://ws.colissimo.fr *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com https://www.youtube.com *.pinterest.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://maps.googleapis.com https://maps.gstatic.com https://ws.colissimo.fr https://*.tile.openstreetmap.fr *.trustedshops.com docker.creative-serving.com *.gstatic.com trkr.shoppingminds.net bam.nr-data.net *.googleapis.com *.google.* *.etrusted.com *.pinterest.com bat.bing.com *.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com cdn.doofinder.com https://img.youtube.com blob: www.google.ge *.google.com *.google.co.uk *.google.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://ws.colissimo.fr https://api.mapbox.com *.trustedshops.com *.etrusted.com *.kk-resources.com *.googleoptimize.com cdn.cookielaw.org l.getsitecontrol.com script.shoppingminds.com script.shoppingminds.net js-agent.newrelic.com bam.nr-data.net static.hotjar.com script.hotjar.com s2.getsitecontrol.com *.google.* *.pinterest.com s.pinimg.com analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be *.googletagmanager.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com cdn.doofinder.com s7.addthis.com https://connect.facebook.net analytics.tiktok.com *.google.fr *.google.com *.google.co.uk *.google.ca js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://fonts.googleapis.com https://ws.colissimo.fr https://api.mapbox.com *.etrusted.com *.google.* *.pinterest.com display.ugc.bazaarvoice.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline'; manifest-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.adyen.com https://nominatim.openstreetmap.org *.google.lk analytics.topdrinks.nl analytics.topdrinks.fr analytics.topdrinks.dk analytics.topdrinks.de analytics.topdrinks.at analytics.topdrinks.be cdn.cookielaw.org geolocation.onetrust.com *.g.doubleclick.net l.getsitecontrol.com *.shoppingminds.net *.google.com *.googleapis.com bam.nr-data.net cdn1.api.trustedshops.com pay.google.com privacyportal-de.onetrust.com vc.hotjar.io events.getsitectrl.com *.etrusted.com *.pinterest.com *.google-analytics.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.doofinder.com wss://*.doofinder.com ekr.zdassets.com/ analytics.tiktok.com https://analytics.tiktok.com *.google.fr *.google.co.uk *.google.ca api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.matomo.cloud https://googleads.g.doubleclick.net https://connect.facebook.net https://az416426.vo.msecnd.net https://www.googleadservices.com https://www.googletagmanager.com https://static-resource.com https://cdn-javascript.net https://tpc.googlesyndication.com https://www.google.com https://tagmanager.google.com https://translate.googleapis.com https://translate.google.com https://u-verdier-test.byggforsk.no https://u-verdier-beta.byggforsk.no https://u-verdier.byggforsk.no https://matomojs.trackify.info https://www.youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://u-verdier-test.byggforsk.no https://u-verdier-beta.byggforsk.no https://u-verdier.byggforsk.no https://cdn.jsdelivr.net;img-src 'self' https: data: https://www.facebook.com;frame-src https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;connect-src 'self' https://*.google-analytics.com https://dc.services.visualstudio.com https://www.facebook.com https://connect.facebook.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://www.google.com https://www.bing.com https://no.api4load.com https://data.brreg.no https://adservice.google.com https://api.bring.com https://translate.google.com https://u-verdier-test.byggforsk.no https://u-verdier-beta.byggforsk.no https://u-verdier.byggforsk.no https://sintef.matomo.cloud/matomo.php https://fonts.googleapis.com https://ewrkoyhc.api.sanity.io https://admin.kotobee.com;report-uri https://byggforsk.report-uri.com/r/d/csp/reportOnly 1 upgrade-insecure-requests; default-src 'self' data: 'unsafe-inline'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.googletagmanager.com connect.facebook.net platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com s.ytimg.com; script-src-elem 'self' data: 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.googleapis.com translate.google.com; connect-src 'self' data: 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com; img-src 'self' data: blob: mosaico.io *.google.com *.googleapis.com *.gstatic.com www.facebook.com *.twitter.com *.twimg.com yt3.ggpht.com i.ytimg.com *.mailchimp.com *.global.ssl.fastly.net www.legalmomentum.org lm-vatraining.org; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com themes.googleusercontent.com; frame-src 'self' data: *.google.com www.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com *.soundcloud.com *.vimeo.com; worker-src 'self' data: blob: platform.twitter.com www.facebook.com www.youtube.com cdn.gtranslate.net 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com *.googleapis.com dov2wmtwbx0y8.cloudfront.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; frame-ancestors dov2wmtwbx0y8.cloudfront.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com *.awin1.com *.zenaps.com https://www.magezon.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com google.com *.google.com google.at *.google.at google.ru *.google.ru google.com.ua *.google.com.ua google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net *.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net babauba.de 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com www.xtento.com cdn.xtento.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com google.com *.google.com google.at *.google.at google-analytics.com *.google-analytics.com doubeclick.net *.doubeclick.net *.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net *.newrelic.com bam.eu01.nr-data.net https://www.googletagmanager.com https://polyfill.io *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.cloudflare.com www.xtento.com cdn.xtento.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com google.com *.google.com google.at *.google.at google-analytics.com *.google-analytics.com doubleclick.net *.doubleclick.net *.g.doubleclick.net stats.g.doubleclick.net bid.g.doubleclick.net *.fontawesome.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; object-src dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com www.facebook.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; manifest-src dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com https://the.sciencebehindecommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.doubleclick.net google-analytics.com *.google-analytics.com *.newrelic.com bam.eu01.nr-data.net t.elasticsuite.io *.trustedshops.com *.etrusted.com *.yotpo.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com dov2wmtwbx0y8.cloudfront.net http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri dov2wmtwbx0y8.cloudfront.net 'self' 'unsafe-inline'; 1 script-src 'self' https://script.hotjar.com https://static.hotjar.com https://static.axept.io https://tr.snapchat.com https://code.jquery.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://blueimp.github.io https://cdn-app.myLi.io/ https://tarteaucitron.io 'unsafe-inline' 'unsafe-eval' data: https://js.stripe.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://sc-static.net https://connect.facebook.net https://google.fr https://www.facebook.com https://analytics.tiktok.com https://try.abtasty.com ; img-src 'self' data: blob: https://axeptio.imgix.net https://pictures.myLi.io https://tarteaucitron.io https://www.google.fr https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://uicdn.toast.com ; report-uri /repository/csppolicyviolationreporter.php 1 default-src 'self'; img-src 'self' data: blob: https:; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chempoint.com https://cms.chempoint.com https://go.chempoint.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://munchkin.marketo.net https://app-ab23.marketo.com https://script.infinity-tracking.com https://bat.bing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://cdn.sajari.com https://consent.trustarc.com https://apps.mypurecloud.com https://a.quora.com https://solutions.invocacdn.com https://pnapi.invoca.net https://j.6sc.co https://cdn.sajari.net https://ajax.cloudflare.com https://cdn.sajari.net https://connect.facebook.net; connect-src 'self' https://www.chempoint.com https://cms.chempoint.com https://go.chempoint.com https://www.google.com https://www.google-analytics.com https://analytics.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://964-znr-442.mktoresp.com https://script.infinity-tracking.com https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://bat.bing.com https://ipv6.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://jsonapi.sajari.net https://secure.adnxs.com https://ipapi.co https://pnapi.invoca.net https://964-znr-442.mktoutil.com https://c.6sc.co https://adservice.google.com https://region1.analytics.google.com https://ajax.cloudflare.com https://epsilon-globalaccelerator.6sense.com https://q.quora.com https://api.mypurecloud.com https://api.mypurecloud.ie wss://streaming.mypurecloud.com wss://streaming.mypurecloud.ie; style-src 'self' 'unsafe-inline' https://www.chempoint.com https://cms.chempoint.com https://go.chempoint.com https://apps.mypurecloud.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://www.chempoint.com https://cms.chempoint.com https://go.chempoint.com https://apps.mypurecloud.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://go.chempoint.com https://td.doubleclick.net https://www.youtube.com https://iframe.dacast.com https://www.googletagmanager.com https://consent-pref.trustarc.com; frame-ancestors 'self' https://cmsdev.chempoint.net https://cms.chempoint.com; report-uri https://chempoint.report-uri.com/r/t/csp/reportOnly; report-to csp-endpoint 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: vc.hotjar.io www.google.com.br corretoronlinenoticias.com.br *.doubleclick.net www.youtube.com www.googletagmanager.com *.gstatic.com analytics.google.com i.ytimg.com w.soundcloud.com *.googleapis.com *.hotjar.com content.hotjar.io metrics.hotjar.io open.spotify.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-dcfMxlpxKGqaufc0upWBeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://*.doubleclick.net https://*.google.com https://*.hotjar.com *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com validate.fishpig.co.uk https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net https://redchamps.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com js.stripe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com *.avada.io *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com https://*.googleapis.com *.typekit.net *.fontawesome.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com webchat.dotdigital.com webchat.staging.dotdigital.com widget.freshworks.com m2epro.freshdesk.com https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri https://blogun.report-uri.io/r/default/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-hafESayUx6nJ_So6c7-fLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PkIlvLr6_N91uUVNtv3gWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Rzw-pqd9SyyMdegyBoCNhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8psZYi9w5iSZLsaxzOv_tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-4aZaSB6nor6ZNtK6gDj-sw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-xR0pQeAr0cyZvKAPxEuDtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5-5QIaaX01cFf5lWYwaTTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-LG17RKk1I9j1RELZtY1-8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-e51KbN-fuaYlRHDevXhPug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily 1 object-src 'none';base-uri 'self';script-src 'nonce-RvNWEQTqduTAY1q78k9mBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-aH5ssQrTGBhy0-u7MMWpeg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-CDyUbffQriAZyuxofYmFMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-1yOKVj5Vv57ybpxsONjRfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-iI5EbhDOR7tg5wB+7yGcXw==' 'strict-dynamic'; connect-src 'self' *.ayvens.com *.leaseplan.com edge.adobedc.net ad.doubleclick.net adservice.google.com api.realytics.io api.rudderlabs.com bat.bing.com bis.blastingnews.com browser-http-intake.logs.datadoghq.eu *.browser-intake-datadoghq.eu cdn.cookielaw.org cdn.imagin.studio cdn.linkedin.oribi.io content.hotjar.io csmetrics.hotjar.com geolocation.onetrust.com *.clarity.ms in.hotjar.com leaseplan-dataplane.rudderstack.com m.realytics.io optanon.blob.core.windows.net privacyportal-de.onetrust.com region1.google-analytics.com s.yimg.com sentry-proxy.hotjar.com service.giosg.com settings.luckyorange.net sst.leaseplan.com stats.g.doubleclick.net surveystats.hotjar.io vc.hotjar.io www.facebook.com www.google-analytics.com www.google.com www.leaseplan.it; img-src 'self' data: ad.doubleclick.net bat.bing.com *.clarity.ms cdn.cookielaw.org cdn.imagin.studio i.ytimg.com idt9rpjm7d.execute-api.eu-west-1.amazonaws.com img.youtube.com p1.zemanta.com px.ads.linkedin.com script.hotjar.com tracking.adstrategysites.com tracking.audio.thisisdax.com translate.google.com www.drive.leaseplan.pt www.facebook.com www.google-analytics.com www.google.com www.google.cz www.google.de www.googletagmanager.com www.gstatic.com www.leaseplan.it; media-src 'self' *.leaseplandigital.com www.leaseplanbrand.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org maxcdn.bootstrapcdn.com translate.googleapis.com www.leaseplan.it; frame-src 'self' *.leaseplan.com player.vimeo.com www.youtube.com www.youtube-nocookie.com https://map.openchargemap.io widget.klantenthousiasme.nl; font-src 'self' *.leaseplancdn.com; object-src 'none'; base-uri 'none'; 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1 object-src 'none';base-uri 'self';script-src 'nonce-TLiv0sWLQQkjsc9nZR0cAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' cdn.jsdelivr.net www.google-analytics.com cdn-cookieyes.com www.google.com www.googletagmanager.com www.gstatic.com gstatic.com google.com googletagmanager.com; style-src 'unsafe-inline' 'report-sample' 'self' use.typekit.net p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' www.google-analytics.com www.yoast.com yoast.com stats.g.doubleclick.net region1.analytics.google.com www.analytics.google.com cdn-cookieyes.com log.cookieyes.com directory.cookieyes.com; font-src 'self' use.typekit.net data:; frame-ancestors 'self'; frame-src 'self' www.google.com google.com; img-src 'self' data: google-analytics.com www.google-analytics.com google.com www.google.com secure.gravatar.com www.w3.org gravatar.com w3c.org cdn-cookieyes.com google.nl www.google.nl; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-zFifUZGsiRGAOWGzuUKqpw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-pAxBVKx0EJa0UsrO11R4Ug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.google-analytics.com *.googletagmanager.com *.salesforceliveagent.com *.pendo.io; object-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.google.com *.google.nl *.pendo.io *.googletagmanager.com; connect-src 'self' *.google-analytics.com *.doubleclick.net; font-src 'self' *.gstatic.com 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.vimeo.com *.twitter.com t.trackedlink.net *.doubleclick.net www.googletagmanager.com www.google.co.uk p.typekit.net *.gstatic.com cdn.cookielaw.org use.typekit.net *.mktoresp.com cdn.jsdelivr.net static.oktopost.com munchkin.marketo.net *.googleapis.com okt.to adservice.google.com *.linkedin.com *.onetrust.com t.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 base-uri 'self'; default-src 'self' https://stats.g.doubleclick.net stats.g.doubleclick.net https://browser.sentry-cdn.com browser.sentry-cdn.com https://buzzsprout.com buzzsprout.com https://www.buzzsprout.com www.buzzsprout.com https://connect.facebook.net connect.facebook.net https://googleapis.com googleapis.com https://*.googleapis.com *.googleapis.com https://gstatic.com gstatic.com https://*.gstatic.com *.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://google-analytics.com google-analytics.com https://*.google-analytics.com *.google-analytics.com https://analytics.google.com analytics.google.com https://*.analytics.google.com *.analytics.google.com https://nedc.com.au nedc.com.au https://www.nedc.com.au www.nedc.com.au https://www.google www.google https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://translate.google.com translate.google.com https://*.translate.google.com *.translate.google.com https://youtube.com youtube.com https://*.youtube.com *.youtube.com https://youtu.be youtu.be https://*.youtu.be *.youtu.be https://youtube-nocookie.com youtube-nocookie.com https://*.youtube-nocookie.com *.youtube-nocookie.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com; child-src; connect-src 'self' https://www.google-analytics.com www.google-analytics.com; font-src 'self' https://browser.sentry-cdn.com browser.sentry-cdn.com https://buzzsprout.com buzzsprout.com https://www.buzzsprout.com www.buzzsprout.com https://connect.facebook.net connect.facebook.net https://googleapis.com googleapis.com https://*.googleapis.com *.googleapis.com https://gstatic.com gstatic.com https://*.gstatic.com *.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://google-analytics.com google-analytics.com https://*.google-analytics.com *.google-analytics.com https://analytics.google.com analytics.google.com https://*.analytics.google.com *.analytics.google.com https://nedc.com.au nedc.com.au https://www.nedc.com.au www.nedc.com.au https://www.google www.google https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://translate.google.com translate.google.com https://*.translate.google.com *.translate.google.com https://youtube.com youtube.com https://*.youtube.com *.youtube.com https://youtu.be youtu.be https://*.youtu.be *.youtu.be https://youtube-nocookie.com youtube-nocookie.com https://*.youtube-nocookie.com *.youtube-nocookie.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com data:; form-action 'self'; frame-ancestors 'self'; frame-src; img-src 'self' https://browser.sentry-cdn.com browser.sentry-cdn.com https://buzzsprout.com buzzsprout.com https://www.buzzsprout.com www.buzzsprout.com https://connect.facebook.net connect.facebook.net https://googleapis.com googleapis.com https://*.googleapis.com *.googleapis.com https://gstatic.com gstatic.com https://*.gstatic.com *.gstatic.com https://fonts.gstatic.com fonts.gstatic.com https://google-analytics.com google-analytics.com https://*.google-analytics.com *.google-analytics.com https://analytics.google.com analytics.google.com https://*.analytics.google.com *.analytics.google.com https://nedc.com.au nedc.com.au https://www.nedc.com.au www.nedc.com.au https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://translate.google.com translate.google.com https://*.translate.google.com *.translate.google.com https://youtube.com youtube.com https://*.youtube.com *.youtube.com https://youtu.be youtu.be https://*.youtu.be *.youtu.be https://youtube-nocookie.com youtube-nocookie.com https://*.youtube-nocookie.com *.youtube-nocookie.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com blob: data:; media-src data:; object-src 'none'; script-src 'self' https://browser.sentry-cdn.com browser.sentry-cdn.com https://buzzsprout.com buzzsprout.com https://www.buzzsprout.com www.buzzsprout.com https://connect.facebook.net connect.facebook.net https://googleapis.com googleapis.com https://*.googleapis.com *.googleapis.com https://gstatic.com gstatic.com https://*.gstatic.com *.gstatic.com https://google-analytics.com google-analytics.com https://*.google-analytics.com *.google-analytics.com https://analytics.google.com analytics.google.com https://*.analytics.google.com *.analytics.google.com https://nedc.com.au nedc.com.au https://www.nedc.com.au www.nedc.com.au https://www.google www.google https://googletagmanager.com googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://translate.google.com translate.google.com https://*.translate.google.com *.translate.google.com https://youtube.com youtube.com https://*.youtube.com *.youtube.com https://youtu.be youtu.be https://*.youtu.be *.youtu.be https://youtube-nocookie.com youtube-nocookie.com https://*.youtube-nocookie.com *.youtube-nocookie.com https://vimeo.com vimeo.com https://*.vimeo.com *.vimeo.com 'unsafe-inline' 'unsafe-eval' blob: data:; style-src 'self' https://fonts.googleapis.com fonts.googleapis.com 'unsafe-inline'; report-uri https://o4504115515686912.ingest.sentry.io/api/4504373260386304/security/?sentry_key=b2c30554689049048fdf0b5f45af84d4; report-to https://o4504115515686912.ingest.sentry.io/api/4504373260386304/security/?sentry_key=b2c30554689049048fdf0b5f45af84d4; upgrade-insecure-requests 1 font-src fonts.gstatic.com *.fontawesome.com www.mstyle.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.mstyle.co.uk 'self' 'unsafe-inline'; frame-ancestors www.mstyle.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com *.weltpixel.com payment.preprod.direct.worldline-solutions.com www.mstyle.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.mstyle.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com payment.preprod.direct.worldline-solutions.com www.mstyle.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline tagmanager.google.com www.mstyle.co.uk 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.mstyle.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com https://www.google-analytics.com payment.preprod.direct.worldline-solutions.com www.mstyle.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.mstyle.co.uk http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src www.mstyle.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-Dio2ETQ9W7btyy43L0f1zg==' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net www.google.com munchkin.marketo.net tags.srv.stackadapt.com analytics.google.com *.marketo.com maxcdn.bootstrapcdn.com *.mktoutil.com cdn.bizible.com play.vidyard.com *.ads-twitter.com *.doubleclick.net cdn.bizibly.com www.googletagmanager.com *.twitter.com *.googleadservices.com cdn-icons-png.flaticon.com cdn.jsdelivr.net *.mktoresp.com *.licdn.com stackpath.bootstrapcdn.com *.googleapis.com *.facebook.com *.gstatic.com www.google-analytics.com cdn2.iconfinder.com code.jquery.com t.co ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-DK0LUuzMnG-BLr-6YAExqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-82s2kqmwdDKV5-TQnwXmGg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-ke8WtJfEERuWzstD0rEMvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-EyR9Qp-ZYtU1hbnUFGxZyg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0CX3PTG023k6bFbrB9UOaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6CNZpXZoqb1e7T1WeOBUlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-rWzZ4ugzsBJ72843nDnl7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none'; script-src 'self' pagecdn.io; script-src-attr 'self'; style-src 'self'; frame-ancestors 'self' 1 font-src *.fontawesome.com *.accesstrade.in *.accesstrade.in.th fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.accesstrade.in *.accesstrade.in.th *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.accesstrade.in *.accesstrade.in.th *.weltpixel.com https://vars.hotjar.com https://bid.g.doubleclick.net *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.accesstrade.in *.accesstrade.in.th https://i.ibb.co https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.th https://www.facebook.com https://www.google.com.vn *.gstatic.com *.facebook.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.accesstrade.in *.accesstrade.in.th https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net *.hotjar.com https://www.google.com https://www.google.com.vn https://www.google.co.th https://googleads.g.doubleclick.net *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.accesstrade.in *.accesstrade.in.th fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.accesstrade.in *.accesstrade.in.th *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.accesstrade.in *.accesstrade.in.th https://stats.g.doubleclick.net https://bam.nr-data.net https://in.hotjar.com https://www.facebook.com *.google-analytics.com *.facebook.net https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Y2ebEw4kY3kjja2SyHI5jA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Co88D0OGjI8PmAGcPfsysw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-qK7Nn3PR6tfewR8l-Q-K9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self'; default-src 'self' https:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' https: data:; report-uri https://5eb1e20184090c563b06661b.endpoint.csper.io; 1 object-src 'none';base-uri 'self';script-src 'nonce-htyZsRcjg-45rgsbRt55vA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.braintreegateway.com *.paypal.com *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-SVnRLBrNQ31gAa7vGtW_uQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-B563hf-isXwydtlt3iXOhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8M4QmUb_aCAoPhECEnMDCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Qv3JP2wulxtafPQHv9JI0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TmgXPEBwx3FDsXIMCVt3GA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8_nU1lDRf0fI2dUIS_hZbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8wJ2MdtKiXNKqdYYcFxDmg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-1GAGW_lxf1p-B6PLKIU8fg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Xkr6wps43AUv3H_kdpDqfw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com test.saferpay.com www.saferpay.com saferpay.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ test.saferpay.com www.saferpay.com saferpay.com https://www.googletagmanager.com/ *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com test.saferpay.com www.saferpay.com saferpay.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js test.saferpay.com www.saferpay.com saferpay.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.reviews.io *.reviews.co.uk *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com test.saferpay.com www.saferpay.com saferpay.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.ingest.sentry.io *.cloudfront.net *.reviews.io *.reviews.co.uk t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-9G8Re5QyyOc-BWIvRLxRwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-WXj1MRk-7FOl0NbKbKZIsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-FX9pvwSDxVAZxnuwJL072g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-K6gN3M-OwQqef97O03-aPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https: 'unsafe-eval' 'unsafe-inline' data: about: gsa://onpageload; report-uri /_csp_report_/ 1 object-src 'none';base-uri 'self';script-src 'nonce-873mVGhsXyyjmqMY_4SfPQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6jOxh4wuXuHCCLfP6ls1NA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-AwKWLSG0cyv4zv-tlwcG5g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-C7n-w_IwYm06b8U1HhO-6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.google.com/ *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-jySx2vZKVk_uefqWJW1OuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JJ5_gKRmDUe_b0oiD6NPlg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-bZ_E8WdS7WF5zBBMgm6Fow' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Y9UITrUhpLNSG4vwplrEWw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com; font-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com data: *.olark.com fonts.gstatic.com; script-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' 'unsafe-eval' *.turn.com static.cloudflareinsights.com ajax.cloudflare.com *.youtube.com *.ytimg.com *.datadoghq-browser-agent.com *.getclicky.com clicky.com *.twitter.com *.ads-twitter.com *.facebook.net analytics.tiktok.com www.recaptcha.net recaptcha.net www.gstatic.com www.gstatic.cn www.google.com *.olark.com *.adroll.com *.googletagmanager.com tagmanager.google.com analytics.google.com google-analytics.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.googleadservices.com *.google.com *.googlesyndication.com *.googletagservices.com; style-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' *.getclicky.com clicky.com *.olark.com *.googletagmanager.com tagmanager.google.com *.google.com fonts.googleapis.com; img-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com 'unsafe-inline' data: *.turn.com secure.gravatar.com *.ytimg.com *.youtube.com *.getclicky.com *.twitter.com t.co *.facebook.com www.gstatic.com/recaptcha *.olark.com *.adroll.com d.adroll.com *.googletagmanager.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.gstatic.com *.google.com *.doubleclick.net *.g.doubleclick.net *.googlesyndication.com www.googleadservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://umfworldwide.com https://ultrapassport.com https://umfstage.com https://ultramusicfestival.com https://resistancemiami.com https://ultrataiwan.com https://resistancemusic.com https://thailand.roadtoultra.com https://ultrabali.com https://ultrajapan.com https://india.roadtoultra.com https://ultraabudhabi.com https://resistanceibiza.com https://ultraeurope.com https://costadelsol.ultrabeach.com https://guatemala.roadtoultra.com https://costarica.roadtoultra.com https://ultrachile.com https://ultraperu.com https://ultrabrasil.com https://lima.resistancemusic.com https://buenosaires.resistancemusic.com https://medellin.resistancemusic.com https://guatemala.resistancemusic.com https://colombia.roadtoultra.com https://ultrakorea.com https://ultraaustralia.com https://australia.resistancemusic.com https://ultrasouthafrica.com https://mexico.resistancemusic.com https://santacruz.resistancemusic.com https://panama.resistancemusic.com https://sanjose.resistancemusic.com https://uruguay.resistancemusic.com https://santiago.resistancemusic.com https://ultrasingapore.com https://ultramexico.com https://quito.resistancemusic.com https://ultrabeijing.com https://ultrashanghai.com https://hongkong.roadtoultra.com https://philippines.roadtoultra.com https://paraguay.roadtoultra.com https://roadtoultra.com https://bolivia.roadtoultra.com https://*.umfworldwide.com https://*.ultrapassport.com https://*.umfstage.com https://*.ultramusicfestival.com https://*.resistancemiami.com https://*.ultrataiwan.com https://*.resistancemusic.com https://*.thailand.roadtoultra.com https://*.ultrabali.com https://*.ultrajapan.com https://*.india.roadtoultra.com https://*.ultraabudhabi.com https://*.resistanceibiza.com https://*.ultraeurope.com https://*.costadelsol.ultrabeach.com https://*.guatemala.roadtoultra.com https://*.costarica.roadtoultra.com https://*.ultrachile.com https://*.ultraperu.com https://*.ultrabrasil.com https://*.lima.resistancemusic.com https://*.buenosaires.resistancemusic.com https://*.medellin.resistancemusic.com https://*.guatemala.resistancemusic.com https://*.colombia.roadtoultra.com https://*.ultrakorea.com https://*.ultraaustralia.com https://*.australia.resistancemusic.com https://*.ultrasouthafrica.com https://*.mexico.resistancemusic.com https://*.santacruz.resistancemusic.com https://*.panama.resistancemusic.com https://*.sanjose.resistancemusic.com https://*.uruguay.resistancemusic.com https://*.santiago.resistancemusic.com https://*.ultrasingapore.com https://*.ultramexico.com https://*.quito.resistancemusic.com https://*.ultrabeijing.com https://*.ultrashanghai.com https://*.hongkong.roadtoultra.com https://*.philippines.roadtoultra.com https://*.paraguay.roadtoultra.com https://*.roadtoultra.com https://*.bolivia.roadtoultra.com; media-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.olark.com; connect-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com cloudflareinsights.com *.datadoghq.com *.browser-intake-datadoghq.com *.getclicky.com *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.olark.com *.googletagmanager.com *.google-analytics.com analytics.google.com *.analytics.google.com *.g.doubleclick.net *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' *.ultramusicfestival.com ultramusicfestival.com umfworldwide.com ultrapassport.com *.ultrapassport.net resistancemusic.com *.resistancemusic.com roadtoultra.com *.roadtoultra.com *.zohopublic.com *.apple.com open.spotify.com *.soundcloud.com *.youtube.com *.youtube-nocookie.com www.facebook.com *.recaptcha.net recaptcha.net www.google.com recaptcha.google.com *.olark.com *.googletagmanager.com bid.g.doubleclick.net *.google.com *.doubleclick.net *.googlesyndication.com; child-src *.youtube.com *.youtube-nocookie.com *.googletagmanager.com; worker-src www.recaptcha.net; object-src *.googlesyndication.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c55919a7d54d6386d0f0b19bc82e82f&dd-evp-origin=content-security-policy&ddsource=csp-report; 1 object-src 'none';base-uri 'self';script-src 'nonce-KJ4aASU5H7sFQ90o260ZQg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gzb0VIsjW33hEtJWXotMBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-99HPS6aG0t7QWNWdbWnkng' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-694EFw6Aurjv4JvPLJDSaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8xneHpEIpiXOg1X3vyIn8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-DSzWBessNt3BC-oO0DwjuA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-laeBfyiu_fgKwWQqbx1Wsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src www.google-analytics.com stats.g.doubleclick.net www.facebook.com vc.hotjar.io metrics.hotjar.io; font-src data: fonts.gstatic.com; frame-ancestors 'self'; frame-src www.youtube.com www.facebook.com www.google.com; img-src data: 'self' www.googletagmanager.com www.google-analytics.com; script-src 'sha256-V5hZkFzoucOirIKdhwlWm41zVfqT+hzR9qFG3g+BppU=' 'sha256-+ckN+/8ywfuLqQE8xnD2kIYHwlOHhalXMkhBok5TPPE=' 'sha256-xpHN0VS2NfvY44VaAl+Kfy9U7UttnM50Rdxewtejaqo=' 'sha256-N3THlC1rSLGsq/MDIsNuDvkyL3LlrvX8IDDs6tp+GcM=' 'sha256-O6jJLUCEsllIjNGYsmifqU6GOYiaXNsnu/2/Z/+wEKM=' 'sha256-/u4Azgaugq82boCasxVsZXDhMKVjq7Y1nZeFS8qKU8Y=' 'sha256-OAaEdnKkkIJEoNh9lLPHr2f7AFKda4IJmPW3XFv3aK0=' 'sha256-wlHsEY1RyvIMpvGu6vQVDNxHH55C4AAO/nAjzYLEaIc=' 'sha256-vDRy7gDm2L2n2sq5eXu2Koxpzjd99FPmyRx/VAi0PNA=' 'sha256-5etRyYZ3VZMdkzIQqz52Pgh0LIm350MsNbGLtYkvIsU=' 'self' www.google-analytics.com www.googletagmanager.com static.hotjar.com connect.facebook.net www.youtube.com script.hotjar.com; style-src 'unsafe-inline' fonts.googleapis.com 'self'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://publicapi.ladybug.com/report/csr?session=197598853 1 font-src maxcdn.bootstrapcdn.com *.photoslurp.com *.ternua.com *.on4u.com *.gstatic.com 'self' data: www.ternua.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.redsys.es www.facebook.com *.ternua.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.ternua.com 'self' 'unsafe-inline'; frame-ancestors www.ternua.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com *.google.com *.ternua.com *.on4u.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.ternua.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com validate.fishpig.co.uk stats.g.doubleclick.net cdn.cookielaw.org mc.us8.list-manage.com www.facebook.com connect.facebook.net developers.google.com www.google.es maps.gstatic.com fonts.gstatic.com maps.googleapis.com fonts.googleapis.com *.photoslurp.com mcusercontent.com *.connectif.cloud *.ternua.com *.on4u.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com www.ternua.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com sl.google-analytics.com cdn.cookielaw.org mc.us8.list-manage.com www.facebook.com connect.facebook.net *.google.com www.google.es developers.google.com *.gstatic.com *.googleapis.com *.googleoptimize.com *.photoslurp.com *.onetrust.com *.connectif.cloud *.ternua.com *.clarity.ms *.newrelic.com *.nr-data.net *.on4u.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com www.ternua.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.photoslurp.com *.mailchimp.com *.ternua.com *.on4u.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com www.ternua.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.ternua.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doubleclick.net *.paypal.com api.instagram.com developers.google.com sl.google-analytics.com cdn.cookielaw.org downloads.mailchimp.com mc.us8.list-manage.com www.facebook.com connect.facebook.net *.google.com *.google.es *.gstatic.com *.googleapis.com *.appspot.com *.photoslurp.com *.onetrust.com *.connectif.cloud *.ternua.com *.clarity.ms *.newrelic.com *.nr-data.net *.on4u.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com www.ternua.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.ternua.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.ternua.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com magento-cloudflare.jetrails.com www.youtube.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://maps.gstatic.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://maps.googleapis.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/translate_google 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.twitter.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net https://connect.facebook.net https://googleads.g.doubleclick.net *.newrelic.com *.nr-data.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.gstatic.com *.googleapis.com *.facebook.com *.google.com *.google.com.vn 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googletagmanager.com *.google.com *.googleapis.com *.facebook.com *.google.com.vn https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net *.nr-data.net *.newrelic.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.google.com *.google.com.vn 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.ip-api.com *.facebook.com *.google.com *.google.com.vn https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ https://js.monitor.azure.com https://ajax.googleapis.com https://*.google.com https://www.gstatic.com https://*.kubra.com https://*.apogee.net https://js.braintreegateway.com https://*.paypal.com; style-src 'self' 'unsafe-inline' https://*.kubra.com https://fonts.googleapis.com; img-src * 'self' data:; font-src * 'self' data:; connect-src *; frame-src https://*.apogee.net https://*.google.com https://*.paypal.com; report-uri /csp/report 1 object-src 'none';base-uri 'self';script-src 'nonce-Ve0URq0prrNh2/r2bFB0' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'report-sample';report-uri https://csp.withgoogle.com/csp/scfe 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ account.fetchify.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com chart.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-hnFE6ty0BIkMQ-jO-frXTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-u4gFSZIilxRI1aI9d4GthA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://*.wistia.com https://*.wistia.net https://*.pusher.com; base-uri 'self'; connect-src 'self' https://*.intercom.io https://*.fontawesome.com https://noembed.com https://cdn.plyr.io https://*.pusher.com https://*.googleapis.com https://bugherd.com https://*.bugherd.com https://*.wistia.com https://*.bugsnag.com https://*.tiny.cloud https://vimeo.com https://*.vimeo.com https://*.googleusercontent.com https://*.intercomcdn.com https://*.tokbox.com https://*.opentok.com https://*.google.com https://google.com https://*.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://embedwistia-a.akamaihd.net https://*.litix.io https://api.glitch.com *.tinymce.com https://*.gstatic.com *.google.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com data: blob: wss:; font-src 'self' https://*.fontawesome.com https://*.wistia.com https://*.slant.co https://*.alicdn.com https://*.wistia.net https://*.cloudfront.net https://*.bugherd.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://*.megabonus.com https://*.cdnfonts.com https://*.bootstrapcdn.com https://*.gstatic.com *.tinymce.com *.tiny.cloud https://*.typekit.net data:; frame-ancestors 'self'; frame-src 'self' http: https:; img-src 'self' http: https: data: blob: file:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://bugherd.com https://*.bugherd.com https://*.intercom.io https://*.intercomcdn.com https://*.intercom.com https://stats.pusher.com https://*.pusher.com https://*.rawgit.com https://*.zencdn.net https://*.cloudflare.com https://*.tiny.cloud https://*.fontawesome.com https://*.google.com https://*.googleapis.com https://*.wistia.com https://*.wistia.net https://*.cloudfront.net https://addtocalendar.com https://*.addevent.com https://addevent.com https://www.youtube.com https://*.vimeocdn.com https://*.vimeo.com https://*.tokbox.com https://*.opentok.com https://*.jquery.com https://*.google-analytics.com https://google-analytics.com https://*.gstatic.com https://*.wistia.net https://src.litix.io https://button.glitch.me *.tinymce.com *.googleusercontent.com blob:; media-src 'self' https://*.wistia.com https://*.gstatic.com https://*.intercomcdn.com https://embedwistia-a.akamaihd.net https://*.wistia.net data: blob:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.datatables.net https://*.bootstrapcdn.com https://*.licdn.com https://*.tiny.cloud https://*.wistia.com https://*.wistia.net https://bugherd.com https://*.bugherd.com https://*.cloudfront.net https://addtocalendar.com https://*.fontawesome.com https://*.googleapis.com https://button.glitch.me *.tinymce.com; worker-src 'self' blob:; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; report-uri /csp_reports 1 default-src 'self' https:; child-src 'self' https: data:; connect-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data:; object-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 1 default-src * data: ; script-src * 'unsafe-inline' 'unsafe-eval' cdn.matomo.cloud diateam.matomo.cloud; style-src * 'unsafe-inline' data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com platform.twitter.com syndication.twitter.com www.youtube.com; block-all-mixed-content; report-uri https://www.diateam.net/.csp/report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bat.bing.com *.googleapis.com components.otstatic.com cdnjs.cloudflare.com cdn.cookielaw.org *.boydgaming.com *.facebook.com *.clarity.ms *.azureedge.net ads.robertsstream.com places.singleplatform.com *.doubleclick.net adservice.google.com oc-registry.opentable.com *.gstatic.com twin-iq.kickfire.com c.bing.com assets.adobedtm.com *.facebook.net www.google.com www.google-analytics.com www.opentable.com static.boydgaming.net ad.ipredictive.com www.googletagmanager.com *.cloudfront.net api-engage-us.sitecorecloud.io *.onetrust.com cdn.otstatic.com www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.genteroma.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.iubenda.com *.google.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net *.facebook.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.salecycle.com *.salecycle.com:8080 *.disqus.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.facebook.com *.google.it *.google.com www.google.com *.signifyd.com *.e.aa.online-metrix.net *.gstatic.com *.googleapis.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.googletagmanager.com *.facebook.net *.disqus.com *.disquscdn.com *.viglink.com *.lystit.com *.iubenda.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.chimpstatic.com downloads.mailchimp.com *.list-manage.com *.iubenda.com *.googletagmanager.com chimpstatic.com *.doofinder.com *.gstatic.com *.google.com *.signifyd.com *.livechatinc.com *.facebook.net *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.googleapis.com *.jsdelivr.net *.moatads.com *.addthisedge.com widget.pinterest.com *.genteroma.com smct.co *.smct.co smct.io *.smct.io *.cloudfront.net *.salecycle.com *.salecycle.com:8080 *.disqus.com *.disquscdn.com *.rlcdn.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.disquscdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.facebook.com *.google-analytics.com *.livechatinc.com *.addthis.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.salecycle.com *.salecycle.com:8080 maps.googleapis.com geo.privacymanager.io *.disqus.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://skeeller.report-uri.com/r/d/csp/wizard; report-to report-endpoint; 1 report-uri https://xtm.cloud/contact/; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com ka-p.fontawesome.com;; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com tracking.g2crowd.com https://cdn.cookielaw.org/ https://extend.vimeocdn.com https://f.vimeocdn.com https://js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net www.googletagmanager.com forms.hscollectedforms.net api.hubapi.com static.hsappstatic.net https://cdn.jsdelivr.net embed.typeform.com extend.vimeocdn.com kit.fontawesome.com snap.licdn.com www.google-analytics.com connect.facebook.com connect.facebook.net googleads.g.doubleclick.net js.usemessages.com ws.zoominfo.com bat.bing.com static.hotjar.com www.gstatic.com www.google.com forms-na1.hsforms.com js.hsforms.net j.6sc.co;; style-src 'self' 'unsafe-inline' 'unsafe-eval' embed.typeform.com fonts.googleapis.com ka-p.fontawesome.com kit.fontawesome.com;; img-src 'self' 'unsafe-inline' data: cdn.cookielaw.org i.vimeocdn.com track.hubspot.com secure.gravatar.com images.typeform.com bat.bing.com forms.hsforms.com www.google.com www.google.pl px.ads.linkedin.com www.facebook.com forms-na1.hsforms.com b.6sc.co www.googletagmanager.com;; object-src 'unsafe-eval' 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /error/csp-report 1 default-src 'self'; base-uri 'self'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://img.youtube.com https://i.bojoko.com https://bojoko.com/assets; script-src 'report-sample' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://static.cloudflareinsights.com https://bojoko.com/assets 'sha256-DTbEkHFgvUtFQTfjMrYQg7Y5+V+TkrorUrIwyvfty7w='; style-src 'report-sample' 'self' 'unsafe-inline' https://bojoko.com/assets; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://plausible.bojoko.com; frame-src 'self' https://www.youtube-nocookie.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'none'; worker-src 'none'; report-uri https://bojoko.endpoint.csper.io; 1 default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';block-all-mixed-content;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1 default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.cdn.userway.org; font-src 'self' fonts.gstatic.com; img-src 'self' cdn.userway.org data:; connect-src 'self' api.userway.org; script-src 'self' cdn.userway.org ajax.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-eval' 'unsafe-inline' 'sha256-DA5u3f4yP+a9Q14vkm9t+LDdJOUnmWzlAHP81359zY0=' 'sha256-ccElp1F3PwWbFIK1pWZLQ+fAhCc777pDA16/ImcnLt4='; 1 frame-ancestors 'self' account.elama.global new.elama.ru elama.global *.elama.global *.elama.zone elama.ru *.elama.ru elama.com.br *.elama.com.br elama.kz *.elama.kz mc.yandex.ru mc.webvisor.com mc.webvisor.org yastatic.net webvisor.com http://webvisor.com metrika.yandex.ru yandex.com yandex.ru *.yandex.com *.yandex.net *.yandex.ru *.dev-morda.svc.elama-team.ru; report-uri https://sn.elama.global/api/26/security/?sentry_key=cf985e6d1e254161bef105622a6e28a4; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com pay.google.com *.googlesyndication.com *.dpd.com.pl *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com static.przelewy24.pl www.gstatic.com gstatic.com *.google.pl *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://meetanshi.com/media/logo.png *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.sortext.com *.googlesyndication.com *.crazyegg.com mapa.ecommerce.poczta-polska.pl unpkg.com cdn.jsdelivr.net api.mapbox.com geowidget.easypack24.net *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.avada.io *.meetanshi.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com fonts.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.google.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.sortext.com *.crazyegg.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.sodexo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.apptrian.com cdn.sodexo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.apptrian.com d1sb4d47som8z8.cloudfront.net checkout.sodexo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com www.apptrian.com personalization.analytics.shoptimize.in t.elasticsuite.io lumberjack.sodexo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net uc8.tv 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com uc8.tv *.google.com *.google.com.ua *.google.co.uk 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com cdn.myafterpay.com uc8.tv *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.doubleclick.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com uc8.tv *.google.com *.google.com.ua *.google.co.uk *.gstatic.com *.googletagmanager.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.google.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.environmentallights.com *.typekit.net *.cloudflare.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.environmentallights.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.environmentallights.com *.google.com *.googleapis.com *.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.environmentallights.com *.google.com *.googleapis.com *.gstatic.com *.linkedin.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.environmentallights.com bam.nr-data.net *.cookielaw.org *.google.com *.googleapis.com *.gstatic.com js-agent.newrelic.com player.vimeo.com *.facebook.net api.wistia.com fast.wistia.com *.callrail.com *.crazyegg.com *.cookiepro.com *.pardot.com *.licdn.com *.d41.co js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.environmentallights.com *.typekit.net *.cloudflare.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.bolt.com 'self' 'unsafe-inline'; media-src *.adobe.com *.environmentallights.com embed.wistia.com embed-ssl.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.environmentallights.com bam.nr-data.net *.doubleclick.net *.facebook.com *.google.com *.googleapis.com api.wistia.com fast.wistia.com *.callrail.com *.cookiepro.com cookiepro.blob.core.windows.net *.d41.co *.onetrust.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.environmentallights.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com https://www.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com https://vars.hotjar.com https://service.force.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://www.google.com https://www.google.co.cr https://infanti.cl www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com https://service.force.com https://doreljuvenilechile.us-5.evergage.com https://cdn.evergage.com https://cdn.evgnet.com https://vars.hotjar.com https://www.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdn.impresee.com https://d.la4-c1-ia4.salesforceliveagent.com https://*.collect.igodigital.com https://static.hotjar.com https://cdnjs.cloudflare.com https://script.hotjar.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com https://service.force.com https://cdn.impresee.com https://dorel.secure.force.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolibre.com https://doreljuvenilechile.us-5.evergage.com https://maps.googleapis.com https://stats.g.doubleclick.net https://api.impresee.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.cookieinformation.com *.swiipe.com *.paymentiq.io www.facebook.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.swiipe.com maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net cdn.ampproject.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sleeknote.com *.cookieinformation.com *.hotjar.com *.avada.io *.swiipe.com www.gstatic.com connect.facebook.net *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://static.klaviyo.com *.fontawesome.com *.swiipe.com www.gstatic.com maxcdn.bootstrapcdn.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.swiipe.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com cdn.ampproject.org https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sleeknote.com https://get.geojs.io *.avada.io *.swiipe.com www.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.gstatic.com maps.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net *.gstatic.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com getfirebug.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors sid-shop.com 'self' 'unsafe-inline'; 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.pl ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.pl *.spreadshirt.pl ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.pl ; font-src 'self' https: data: *.spreadshirt.pl ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.pl ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.pl ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net t.co *.googleapis.com imgsct.cookiebot.com s.yimg.com consentcdn.cookiebot.com *.doubleclick.net *.weborama.fr analytics.google.com www.googletagmanager.com *.clarity.ms region1.analytics.google.com www.google.es consent.cookiebot.com bat.bing.com www.aservice.cloud *.twitter.com adservice.google.com *.gstatic.com *.facebook.com *.licdn.com sp.analytics.yahoo.com *.linkedin.com www.youtube.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.zipmoney.com.au *.zopim.com preeziestaticcontent.blob.core.windows.net schots.zendesk.com *.static.zdassets.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.pinterest.com *.schots.viewa.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://site-assets.afterpay.com https://static.secure-afterpay.com.au https://static.zipmoney.com.au *.yotpo.com t.zip.co static.zipmoney.com.au *.google.co.id *.cloudfront.net *.schots.com.au *.google.com.au *.zopim.io *.zopim.com *.pinterest.com *.hellobar.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://data.stats.tools https://static.zipmoney.com.au http://cdn.systema.ai api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com static.zipmoney.com.au zip.co *.azureedge.net *.hellobar.com *.cloudflareinsights.com *.zopim.com *.schots.zendesk.com *.zdassets.com *.newrelic.com *.nr-data.net *.pinimg.com *.zip.co *.cloudflare.com/cdn-cgi/scripts *.cloudflare.com *.preezie.io *.pinterest.com *.preezie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com *.google.com unsafe-inline *.yotpo.com *.hellobar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com schots.zendesk.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.algolia.net *.algolia.com *.algolianet.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com http://api.tracker.systema.ai api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.demdex.net *.zipmoney.com.au *.zip.co *.amplitude.com *.nr-data.net *.newrelic.com *.zdassets.com *.zopim.com *.pinterest.com *.doubleclick.net *.googleadservices.com *.google.com.au *.azurewebsites.net *.systema.cloud *.analytics.google.com analytics.google.com *.googleapis.com *.widget-mediator.zopim.com wss://widget-mediator.zopim.com schots.zendesk.com https://www.cloudflare.com/cdn-cgi/trace *.ip-api.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.fonts.gstatic.com oct8necdneu.azureedge.net *.accelasearch.io *.accelasearch.net applepay.cdn-apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.twitter.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.iubenda.com *.twitter.com *.oct8ne.com *.nexi.it www.google.com *.youtube.com api.payplug.com secure.payplug.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com ebizmarts-website.s3.amazonaws.com *.iubenda.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.camo.githubusercontent.com oct8necdneu.azureedge.net *.ecommerce.nexi.it *.amcglobal.sc.omtrdc.net action-wear.com maps.gstatic.com media.action-wear.com *.accelasearch.io *.accelasearch.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.chimpstatic.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com ws10b.cvetta.io *.iubenda.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.avada.io static-eu.oct8ne.com *.cdnjs.cloudflare.com unpkg.com maps.googleapis.com *.nexi.it cdn.jsdelivr.net www.googletagmanager.com chimpstatic.com *.accelasearch.io *.accelasearch.net api.payplug.com applepay.cdn-apple.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.fonts.googleapis.com unpkg.com *.iubenda.com cdn.jsdelivr.net media.action-wear.com *.accelasearch.io *.accelasearch.net 'self' 'unsafe-inline'; object-src *.youtube.com 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com int-ecommerce.nexi.it ecommerce.nexi.it *.ogone.com *.ingenico.com *.v-psp.com *.epdq.co.uk *.postfinance.ch *.paypage.be *.payengine.de *.eupayglobe.com *.tpvecommerce.es *.iubenda.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com https://get.geojs.io *.avada.io *.oct8ne.com *.oct8neeufrontal3microservicescheckdomain.azurewebsites.net *.nexi.it maps.googleapis.com prezzi.crmcag.it prezzi.crmcag.it:8088 *.accelasearch.io *.accelasearch.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/camac/endpoint; report-to report-endpoint; 1 object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com maps.googleapis.com; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/searchplayground_google 1 default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' data: https: blob: android-webview-video-poster: android-webview: chrome-extension: moz-extension: ms-browser-extension: about: 1 frame-src 'self' http://mapy.kr-plzensky.cz ; report-uri /log 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-a831639f809146e5980c49cd61708e82' https://quartzmychart.com 'self';img-src https://* 'self' blob: data:;style-src https://quartzmychart.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-NoChgf3hNnsKwAN9Wmb8Kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com *.googleapis.com *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com https://v2.zopim.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com/ *.doubleclick.net *.facebook.com *.googlesyndication.com https://widget.trustpilot.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.googlesyndication.com https://belco-prod.s3-eu-central-1.amazonaws.com https://static.buckaroo.nl https://cdn.clerk.io https://v2assets.zopim.io https://v2.zopim.com https://www.google.com https://www.google.rs https://www.google.nl https://www.google.pl https://www.google.uk https://www.google.de https://www.magezon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com https://cdn.belco.io https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://api.clerk.io https://cdn.clerk.io https://devdocs.magento.com https://magento.com http://widget.trustpilot.com https://invitejs.trustpilot.com https://v2.zopim.com https://static.zdassets.com https://amcglobal.sc.omtrdc.net https://static.hotjar.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com https://*.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googlesyndication.com wss://chat.belco.io https://cdn.belco.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ekr.zendesk.com/ https://devdocs.magento.com wss://widget-mediator.zopim.com https://ekr.zdassets.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'report-sample' https: 'unsafe-eval' 'unsafe-inline'; img-src 'report-sample' https: data:; frame-src *; font-src 'report-sample' 'self' https://fonts.gstatic.com https://script.hotjar.com https://static.olark.com data:; connect-src 'report-sample' https: wss: 'unsafe-eval' 'unsafe-inline' *.hotjar.com; report-uri /report-csp-violation 1 font-src fonts.gstatic.com use.typekit.net data: blob: *.gemshopping.com releases.flowplayer.org *.yotpo.com v2.zopim.com script.hotjar.com *.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com data: blob: *.gemshopping.com *.cardinalcommerce.com *.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.splitit.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.getbread.com *.breadpayments.com *.rbcpayplan.com data: blob: *.gemshopping.com *.authorize.net *.cardinalcommerce.com *.googletagmanager.com *.paypal.com *.google.com *.googleapis.com *.gstatic.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.rumbletalk.net *.dotdigital.com *.dotdigital-pages.com webchat.dotdigital.com cdn.dnky.co hps.github.io *.heartlandportico.com *.yotpo.com *.doubleclick.net *.fls.doubleclick.net *.wistia.net *.hotjar.com *.facebook.com *.formstack.com https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * *.splitit.com *.trustpilot.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.getbread.com *.breadpayments.com *.rbcpayplan.com blob: *.gemshopping.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com *.magentocommerce.com *.paypal.com *.paypalobjects.com *.ytimg.com *.cloudfront.net *.sharethis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.google.com *.google.bs *.google.ca *.google.cz *.google.de *.google.fr *.google.nl *.google.com.ag *.google.com.do *.google.com.mx *.google.com.sa *.google.co.il *.google.co.in *.google.co.nz *.google.co.th *.google.co.uk *.google.com.co hps.github.io *.heartlandportico.com *.yotpo.com *.zopim.com *.zopim.io *.doubleclick.net *.facebook.com *.audrte.com adadvisor.net *.nr-data.net *.bing.com *.cookielaw.org *.videohub.tv *.wistia.com *.akamaihd.net *.adnxs.com *.media6degrees.com *.reson8.com *.rlcdn.com *.dotomi.com *.adsrvr.org pippio.com *.everesttech.net *.analytics.yahoo.com *.bluekai.com *.mathtag.com *.snapchat.com forms.hsforms.com track.hubspot.com vcc-na17.8x8.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.splitit.com *.amazonaws.com *.pixriot.com *.storeimaging.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.getbread.com *.breadpayments.com *.rbcpayplan.com data: blob: *.gemshopping.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com api.comapi.com *.cardinalcommerce.com *.ccdc02.com js.braintreegateway.com *.signifyd.com *.chimpstatic.com chimpstatic.com *.adsrvr.org *.authorize.net *.braintreegateway.com *.ytimg.com *.paypal.com *.paypalobjects.com https://www.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com https://www.gstatic.com hps.github.io *.heartlandportico.com *.yotpo.com *.zopim.com *.zdassets.com *.cloudflare.com *.rumbletalk.com d1pfint8izqszg.cloudfront.net releases.flowplayer.org *.newrelic.com *.nr-data.net *.cookielaw.org *.adnxs.com *.hotjar.io *.hotjar.com *.bing.com *.doubleclick.net *.facebook.net *.dstillery.com *.media6degrees.com *.wistia.com *.wistia.net optanon.blob.core.windows.net *.yimg.com js.hs-scripts.com cdn.attn.tv jsa.jubaplus.com js.hscollectedforms.net js.usemessages.com js.hs-banner.com js.hs-analytics.net vcc-na17.8x8.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.splitit.com *.trustpilot.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com data: blob: *.gemshopping.com *.getfirebug.com releases.flowplayer.org cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com *.cookielaw.org unsafe-inline assets.braintreegateway.com *.splitit.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.gemshopping.com gemshopping.com *.rcncdn.com *.robertsstream.com *.wistia.com *.akamaihd.net *.zopim.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io *.adobedc.net *.demdex.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.getbread.com *.breadpayments.com *.rbcpayplan.com data: blob: ws: *.gemshopping.com *.magento.com *.cardinalcommerce.com *.dotdigital-pages.com webchat.dotdigital.com *.trackedlink.net *.trackedweb.net api.comapi.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google.com *.google-analytics.com *.yotpo.com *.zopim.com *.zdassets.com hls2.rcncdn.com *.nr-data.net *.robertsstream.com *.hotjar.io *.bing.com *.doubleclick.net *.facebook.com *.akamaihd.net *.wistia.com *.litix.io *.hotjar.com *.yimg.com *.cookielaw.org gemshopping.attn.tv events.attentivemobile.com forms.hscollectedforms.net api.hubspot.com gemshoppingnetwork.zendesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com google.com *.splitit.com *.amazonaws.com logs.browser-intake-datadoghq.com *.pixriot.com *.storeimaging.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com self https://fonts.gstatic.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com self *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com self 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com self https://player.vimeo.com https://www.youtube-nocookie.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com blob: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleapis.com *.gstatic.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ self *.evilcontrollers.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com store.paradoxlabs.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com self https://connect.facebook.net https://analytics.tiktok.com https://www.googletagmanager.com https://cdn.userway.org https://cdn.mouseflow.com s7.addthis.com https://player.vimeo.com https://www.youtube.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com https://static.klaviyo.com cdn.dnky.co webchat.dotdigital.com self https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.googleapis.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com self https://api.pp-prod-ads.ue2.breadgateway.net/ ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src self 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.cdninstagram.com *.smarthint.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.addthis.com *.sharethis.com *.pinterest.com *.twitter.com *.cdninstagram.com *.smarthint.co *.hotjar.io *.hotjar.com *.sunset.systems *.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.pagaleve.io *.pagaleve.com.br https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.sharethis.com *.pinterest.com *.cdninstagram.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.mercadolibre.com *.mercadolivre.com *.facebook.com *.googletagmanager.com *.arrowhitech.net *.mercadopago.com *.mercadopago.com.br *.yourviews.com.br *.yviews.com.br *.jcdecor.com.br *.google.com.br *.googleusercontent.com *.amazonaws.com *.smarthint.co *.doubleclick.net *.conectiva.io https://conectiva.io *.jivosite.com *.clarity.ms *.bing.com *.imgur.com *.widde.io *.mercadolibre.com.br https://mercadopago.com.br *.mlstatic.com *.pagaleve.com.br https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com *.addthis.com *.sharethis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleadservices.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.vimeo.com *.paypal.com *.paypalobjects.com *.cdninstagram.com *.facebook.net *.google.com *.yourviews.com.br *.yviews.com.br *.hotjar.io *.hotjar.com *.google.com.br *.smarthint.co *.jivosite.com *.jquery.com *.cartstack.com.br *.conectiva.io https://conectiva.io *.doubleclick.net *.clarity.ms *.widde.io *.zdassets.com *.zopim.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.pagaleve.com.br https://stc.pagseguro.uol.com.br https://stc.sandbox.pagseguro.uol.com.br https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cdninstagram.com *.yourviews.com.br *.yviews.com.br *.smarthint.co *.googletagmanager.com *.jivosite.com *.jquery.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.jivosite.com *.widde.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.sharethis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.twitter.com *.twimg.com *.cdninstagram.com *.facebook.net *.mercadolibre.com *.yourviews.com.br *.doubleclick.net *.hotjar.io wss://ws14.hotjar.com/* *.hotjar.com *.facebook.com *.openpix.com.br *.performa.ai *.conectiva.io *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com https://conectiva.io *.jivosite.com wss://vi-ya-4.jivosite.com *.google.com *.cartstack.com.br *.clarity.ms *.smarthint.co *.googlesyndication.com https://x.clarity.ms/collect *.widde.io jcdecor-server.ue.r.appspot.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri *.jcdecor.com.br/; report-to report-endpoint; 1 script-src 'nonce-qgTicSkfE3dSv1oKu9azlUJSLEkyfjQ3xrHAj5nO' 'sha256-JZVJb+SN9vz5sbxXwpp0TBIetN0RVmRmvBPS5S5rvMg=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;style-src 'self' 'unsafe-inline';object-src 'none';base-uri 'none' 1 font-src *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src www.googleoptimize.com bisko.gjirafa.net 1gr.cz c.seznam.cz www.zbozi.cz cdn.cpex.cz sdk.privacy-center.org sgtm.signals.cz rec.smartlook.com cnc.daktela.com widget-v2.smartsuppcdn.com www.smartsuppchat.com *.smartsupp.com *.smartsuppcdn.com *.smartlook.com *.smartsuppchat.com spir.hit.gemius.pl a.opmnstr.com track.adform.net ssl.heureka.cz im9.cz c.imedia.cz api.mapy.cz www.heureka.cz *.mapy.cz script.hotjar.com www.google.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com googleads.g.doubleclick.net connect.facebook.net static.hotjar.com im9.cz 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem connect.facebook.net www.googleadservices.com c.seznam.cz static.hotjar.com bisko.gjirafa.net cdn.cpex.cz script.hotjar.com 'self' connect.facebook.net www.google-analytics.com api.mapy.cz 'unsafe-inline' cnc.daktela.com www.googleoptimize.com sdk.privacy-center.org s2.adform.net www.googletagmanager.com track.adform.net 1gr.cz; style-src translate.googleapis.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com api.mapy.cz 'unsafe-inline' 'self'; style-src-elem 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' fonts.googleapis.com; report-uri /csp 1 default-src 'self' *.google.com *.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; img-src 'self' s.w.org www.paypalobjects.com secure.gravatar.com www.google.ca sinew.progressionstudios.com data:; script-src 'self' *.google.com www.gstatic.com www.googletagmanager.com s.w.org 'unsafe-inline' data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-ancestors 'self' data:; report-uri https://n44tg3zs.uriports.com/reports/report; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.affirm.com *.affirm.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.google.com.ua *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.affirm.com *.affirm.ca *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.affirm.com *.affirm.ca https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-520778df5c5e8d197a29f3a444a44e3243b17f7d17cad5211ac96f5493614c93' 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.bing.com *.pcapredict.com *.dwin1.com lantern.roeyecdn.com services.postcodeanywhere.co.uk; object-src 'none'; base-uri 'none'; report-uri /includes/csp_report.php 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com js.klevu.com *.ksearchnet.com *.googleapis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.klevu.com *.ksearchnet.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-NUfcIngEryvRN4xC9pgbdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' duncker-humblot.de www.duncker-humblot.de captcha.wirth-horn.de cookiemanager.wirth-horn.de https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com *.g.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; report-uri /csp-report.cfm 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.weltpixel.com secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.trackedlink.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com tagmanager.google.com secure.nmi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.attn.tv events.attentivemobile.com webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.facebook.net secure.nmi.com secure.networkmerchants.com collectcheckout.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: data:; media-src https:; object-src 'none'; base-uri 'self'; form-action 'self'; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/passwords_google 1 font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.dinhvan.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.dinhvan.com *.doubleclick.net *.google.fr www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.dinhvan.com *.tiktok.com *.axept.io chimpstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com downloads.mailchimp.com *.list-manage.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.dinhvan.com downloads.mailchimp.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.axept.io *.google.fr *.dinhvan.com *.tiktok.com *.google-analytics.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-6hKSeIwExRq6-oduhZgm9A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'self'; script-src 'self' https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; frame-ancestors 'self' 1 base-uri 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' *.paypal.com assets.braintreegateway.com blob: c.paypal.com http: https:; connect-src 'self' 'unsafe-inline' *.braintree-api.com *.fullstory.com *.google.com *.googleapis.com *.googleusercontent.com *.instagram.com *.mmapiws.com *.onetrust.com *.paypal.com *.postcodeanywhere.co.uk *.visualwebsiteoptimizer.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com amazonwebservices.d2.sc.omtrdc.net amcglobal.sc.omtrdc.net analytics.google.com api.addressy.com api.braintreegateway.com api.sandbox.braintreegateway.com bam.nr-data.net cdn.cookielaw.org centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com dpm.demdex.net esp.aptrinsic.com geo.cardinalcommerce.com geostag.cardinalcommerce.com https://a.klaviyo.com/ https://analytics.google.com https://bam.nr-data.net https://fast.a.klaviyo.com https://static-forms.klaviyo.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com https://stats.g.doubleclick.net https://telemetrics.klaviyo.com/ https://www.google-analytics.com pilot-payflowlink.paypal.com region1.google-analytics.com vs.aws.amazon.com web-sdk.aptrinsic.com www.google-analytics.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; default-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' 'unsafe-inline' *.fontawesome.com data: fonts.gstatic.com resources.webscale.com static.klaviyo.com; frame-src 'self' 'unsafe-inline' *.adobe.com *.bdashops.com *.cardinalcommerce.com *.facebook.com *.google.com *.googleapis.com *.incontact.com *.labs.wesupply.xyz *.paypal.com *.punchout2go.com *.weltpixel.com *.youtube.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com 9174427.fls.doubleclick.net assets.braintreegateway.com auth.pingone.com aws.demdex.net bda.bdashops.com c.paypal.com centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com checkout.paypal.com fast.amc.demdex.net geo.cardinalcommerce.com geostag.cardinalcommerce.com home-c19.incontact.com https://app.smartsheet.com https://privacyportal.onetrust.com/ https://www.google.com/recaptcha/ labs.wesupply.xyz login.microsoftonline.com pay.google.com pennycake.labs.wesupply.xyz pilot-payflowlink.paypal.com player.vimeo.com privacyportal.onetrust.com secure.authorize.net service.force.com test.authorize.net wesupply.xyz wesupplylabs.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com; form-action 'self' 'unsafe-inline' *.cardinalcommerce.com *.facebook.com *.onetrust.com *.paypal.com *.pingone.com 1eaf.cardinalcommerce.com 1eafstag.cardinalcommerce.com auth.pingone.com centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com connect.tradecentric.com geo.cardinalcommerce.com geostag.cardinalcommerce.com pilot-payflowlink.paypal.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com; frame-ancestors 'self' https://portal.tradecentric.com; img-src 'self' 'unsafe-inline' *.adobe.com *.behance.net *.cdninstagram.com *.facebook.com *.fbcdn.net *.ftcdn.net *.google.com *.googleapis.com *.gstatic.com *.paypal.com *.postcodeanywhere.co.uk *.vimeocdn.com *.visualwebsiteoptimizer.com amazonwebservices.d2.sc.omtrdc.net amcglobal.sc.omtrdc.net analytics.google.com assets.adobedtm.com assets.braintreegateway.com b.stats.paypal.com c.paypal.com cdn.cookielaw.org checkout.paypal.com cm.everesttech.net connect.punchout2go.com d3k81ch9hvuctc.cloudfront.net data: dpm.demdex.net dub.stats.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com google.co.uk https://a.klaviyo.com/ https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com https://telemetrics.klaviyo.com/ https://www.googletagmanager.com i.ytimg.com maps.googleapis.com resources.webscale.com ssl.gstatic.com t.paypal.com validator.swagger.io widgets.magentocommerce.com www.google-analytics.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com; media-src 'self' 'unsafe-inline' *.adobe.com *.cdninstagram.com; object-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobe.com *.fullstory.com *.google.com *.googleapis.com *.instagram.com *.maxmind.com *.newrelic.com *.paypal.com *.pcapredict.com *.postcodeanywhere.co.uk *.vimeocdn.com *.visualwebsiteoptimizer.com 1eafapi.cardinalcommerce.com 1eafstag.cardinalcommerce.com a0.awsstatic.com/s_code/ ajax.cloudflare.com ajax.googleapis.com analytics.google.com api.braintreegateway.com api.sandbox.braintreegateway.com assets.adobedtm.com assets.braintreegateway.com bam.nr-data.net c.paypal.com cdn.cookielaw.org client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.punchout2go.com geoapi.cardinalcommerce.com geostag.cardinalcommerce.com https://a.klaviyo.com/ https://connect.facebook.net/ https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://static.klaviyo.com https://telemetrics.klaviyo.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ includestest.ccdc02.com js-agent.newrelic.com js.braintreegateway.com maps.googleapis.com pay.google.com prod.assets.shortbread.aws.dev prod.tools.shortbread.aws.dev s.ytimg.com secure.authorize.net service.force.com songbird.cardinalcommerce.com ssl.google-analytics.com stats.g.doubleclick.net t.paypal.com tagmanager.google.com test.authorize.net vimeo.com web-sdk.aptrinsic.com www.google-analytics.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.vimeo.com; style-src 'self' 'unsafe-inline' *.adobe.com *.fontawesome.com *.google.com *.gstatic.com *.postcodeanywhere.co.uk connect.punchout2go.com fonts.googleapis.com https://connect.punchout2go.com/ https://static.klaviyo.com resources.webscale.com service.force.com static-tracking.klaviyo.com tagmanager.google.com web-sdk.aptrinsic.com; report-uri /.webscale/csp-report 1 font-src *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.twitter.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.tiktok.com *.google.com *.google.com.ua *.google.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.facebook.com maps.googleapis.com lightwidget.com *.maps.gstatic.com checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.googletagmanager.com *.google.com.ua *.google.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.youtube.com maps.googleapis.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com *.maps.gstatic.com media.sezzle.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.calendly.com *.newrelic.com *.nr-data.net *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.jsdelivr.net *.tiktok.com *.google.com.ua *.google.co.uk *.googletagmanager.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.youtube.com maps.googleapis.com *.facebook.net cdn.lightwidget.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com *.maps.gstatic.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.calendly.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd maxcdn.bootstrapcdn.com unsafe-inline *.youtube.com maps.googleapis.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com expivi.net *.cloudfront.net *.nr-data.net *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.tiktok.com *.googlesyndication.com *.pangle-ads.com *.google-analytics.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.youtube.com maps.googleapis.com facebook.net *.maps.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src data: 'self' 'unsafe-inline' fonts.smct.io 'unsafe-inline' fonts.smct.co; form-action 'self' 'unsafe-inline' premio.dolce-gusto.it 'unsafe-inline' www.facebook.com 'unsafe-inline'; frame-ancestors 'self'; frame-src *.force.com nestle-forms.cs.blip.ai *.fls.doubleclick.net aax-eu.amazon-adsystem.com c.neodatagroup.com www.youtube.com www.google.com ad4m.at ls.smct.co td.doubleclick.net fls.doubleclick.net smct.co www.facebook.com data: *.adyen.com 'self' 'unsafe-inline' 3ds.nexigroup.com; img-src * 'unsafe-inline' data: widgets.magentocommerce.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.evgnet.com *.go-mpulse.net *.evidon.com *.fusepump.com *.salesforce.com *.doubleclick.net www.facebook.com connect.facebook.net *.force.com *.salesforceliveagent.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net img.en25.com/i/elqCfg.min.js c.neodatagroup.com/nessieNestle.js cdn.gbqofs.com/dolcegusto/p/detector-dom.min.js tra.neodatagroup.com www.dwin1.com/29385.js w.usabilla.com smct.co js.smct.io ad4m.at 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com fonts.smct.io 'self' 'unsafe-inline'; object-src 'none'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.adyen.com stats.g.doubleclick.net *.google-analytics.com *.nr-data.net c.go-mpulse.net region1.analytics.google.com report.nestle.gbqofs.io *.akstat.io ipb.smct.io smct.co firehose.eu-west-1.amazonaws.com *.force.com *.evidon.com cognito-identity.eu-west-1.amazonaws.com; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net ; report-uri /services/collector/; 1 font-src *.fontawesome.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.iubenda.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.iubenda.com *.avada.io player.vimeo.com *.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.iubenda.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com js.stripe.com *.google.com *.gstatic.com gstatic.com connect.facebook.net *.zendesk.com ; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com static.zdassets.com js.stripe.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net ; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net ; style-src-attr 'unsafe-inline' ; img-src 'self' data: blob: wss://127.0.0.1:18623 https://127.0.0.1:18623 *.mapbox.com *.facebook.com *.google.com *.gstatic.com ; frame-src 'self' *.google.com *.google.ie js.stripe.com player.vimeo.com www.youtube.com; font-src 'self' data: gstatic.com *.gstatic.com *.alicdn.com ; connect-src 'self' ekr.zdassets.com *.zendesk.com wss://127.0.0.1:18623 https://127.0.0.1:18623 mlts.dynamsoft.com *.mapbox.com ; upgrade-insecure-requests ; report-uri https://9a1a6d99ab6aa4ac3290a60bae476ab7.report-uri.com/r/d/csp/enforce 1 child-src www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles mpcart.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com sandbox.affirm.com widget.sezzle.com media.sezzle.com tracker.affirm.com www.googletagmanager.com measurement-api.criteo.com www.google.com/pay *.pay.google.com; default-src 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' mpcart.commercev3.com s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com gum.criteo.com sandbox.affirm.com static.criteo.net player.vimeo.com www.youtube.com fledge.criteo.com pay.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com gum.criteo.com eb2.3lift.com tapestry.tapad.com s.ad.smaato.net trends.revcontent.com jadserve.postrelease.com idsync.rlcdn.com ads.stickyadstv.com matching.ivitrack.com tg.socdm.com visitor.omnitagjs.com ad.yieldlab.net ups.analytics.yahoo.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com match.sharethrough.com pixel.rubiconproject.com simage2.pubmatic.com contextual.media.net sync.outbrain.com exchange.mediavine.com ad.360yield.com r.casalemedia.com ih.adscale.de googleads.g.doubleclick.net media.sezzle.com ib.adnxs.com cm.g.doubleclick.net partner.mediawallahscript.com x.bidswitch.net sync-criteo.ads.yieldmo.com ad.tpmn.co.kr ade.clmbtech.com criteo-partners.tremorhub.com cotads.adscale.de dis.criteo.com mvezin.modernperformance.com www.googleadservices.com www.gstatic.com/images/ i.vimeocdn.com/video; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com sslwidget.criteo.com static.criteo.net widget.sezzle.com cdn1-sandbox.affirm.com widget.us.criteo.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com sslwidget.criteo.com static.criteo.net widget.sezzle.com cdn1-sandbox.affirm.com widget.us.criteo.com; style-src 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net media.sezzle.com; style-src-elem 'self' s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net media.sezzle.com; style-src-attr 'unsafe-inline'; media-src 'self' mpcart.commercev3.com s3.amazonaws.com/cdn.modernperformance.com/ cdn.commercev3.net/cdn.modernperformance.com/ cdn.modernperformance.com www.bing.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-uG3zS_QCFveU5HE7bfNwdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com checkout.airwallex.com checkout-demo.airwallex.com h.online-metrix.net/ pci-api-demo.airwallex.com demo-pacybsmock.airwallex.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.refersion.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkout.airwallex.com h.online-metrix.net/ *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.refersion.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com checkout.airwallex.com h.online-metrix.net/ *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.refersion.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://*.gstatic.com *.klevu.com *.ksearchnet.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://www.googletagmanager.com/ *.nosto.com *.nos.to https://www.google.com *.wesupply.xyz *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com *.trackedlink.net *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nosto.com *.nos.to *.visualwebsiteoptimizer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.nosto.com *.nos.to *.visualwebsiteoptimizer.com https://www.google.com https://www.gstatic.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.nosto.com *.nos.to 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-wFK3T-ZsvjW2sbHlgXygsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; base-uri 'none'; connect-src 'self' http://www.google-analytics.com/ https://ssl.google-analytics.com/; frame-ancestors 'none'; img-src http://www.google-analytics.com/ https://ca.cernercentral.com/resources/core/v2.17/ https://ca.cernercentral.com/resources/core/v2.27/ https://ssl.google-analytics.com/; script-src 'unsafe-inline' http://www.google-analytics.com/ https://ca.cernercentral.com/resources/core/v2.27/ https://ssl.google-analytics.com/; style-src 'unsafe-inline' https://ca.cernercentral.com/resources/core/v2.27/ https://ca.cernercentral.com/resources/home/v2.12/ 1 font-src *.cardinalcommerce.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.cardinalcommerce.com *.cloudflare.com *.bootstrapcdn.com 'self' 'unsafe-inline'; frame-ancestors *.despegar.com/ 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.siteblindado.com.br *.avis-verifies.com *.octadesk.services *.cloudflare.com *.facebook.com *.google.com *.hotjar.com *.despegar.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.compreconfie.com.br *.avis-verifies.com *.cloudflare.com *.facebook.com *.google.com.br *.tcdn.com *.despegar.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.croapp.net *.googletagmanager.com googleads.g.doubleclick.net *.avis-verifies.com *.siteblindado.com *.fontawesome.com *.octadesk.services *.cloudflare.com *.getfirebug.com *.twitter.com *.facebook.net *.dinamize.com *.gstatic.com *.goadopt.io *.usebeon.io *.hotjar.com *.google.com *.omguk.com *.despegar.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.cloudflare.com *.facebook.net *.goadopt.io *.usebeon.io *.googleapis.com *.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.siteblindado.com.br *.avis-verifies.com *.cloudflare.com *.hotjar.com *.goadopt.io *.usebeon.io *.paypal.com *.despegar.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; frame-src 'self' player.vimeo.com secure.livechatinc.com; img-src 'self' data: maps.gstatic.com www.facebook.com mapbox.com www.google-analytics.com; script-src 'self' 'unsafe-inline' www.googleapis.com maps.googleapis.com api.tiles.mapbox.com secure.livechatinc.com cdn.livechatinc.com unpkg.com www.google-analytics.com www.googletagmanager.com connect.facebook.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com api.tiles.mapbox.com use.fontawesome.com fonts.googleapis.com; font-src fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; media-src 'self' cdn.livechatinc.com; upgrade-insecure-requests 1 font-src *.fontawesome.com *.gstatic.com data: *.zopim.com *.jotform.com *.jotfor.ms 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.jotformeu.com *.jotform.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com www.googletagmanager.com *.packeta.com bid.g.doubleclick.net *.facebook.com *.jung.de *.cookiebot.com *.google.com *.jotformeu.com *.jotform.com form.jotform.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com *.google-analytics.com *.zopim.com *.seznam.cz *.facebook.com *.google.com fega.pl *.elektrobalt.lt *.elfetex.cz *.jotform.com *.jotfor.ms 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com www.youtube.com jquery.sellxed.com *.avada.io *.packeta.com *.zopim.com *.amazonaws.com *.googleapis.com *.googleadservices.com *.facebook.net *.imedia.cz *.seznam.cz *.doubleclick.net *.pingdom.net *.newrelic.com *.gstatic.com *.google.com *.cookiebot.com *.elfsight.com *.zdassets.com *.nr-data.net *.jotform.com *.jotfor.ms cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/punycode.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.przelewy24.pl *.jotform.com *.jotfor.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src https://get.geojs.io *.avada.io *.packeta.com *.google-analytics.com stats.g.doubleclick.net wss://widget-mediator.zopim.com *.zendesk.com *.pingdom.net *.nr-data.net *.zdassets.com *.cookiebot.com *.jotformeu.com *.jotform.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://*.mipulse.co https://*.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'nonce-/1BptKRzz9SpMa3Ih644tQ==' 'unsafe-eval' https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://connect.facebook.net https://*.krxd.net https://cstatic.weborama.fr https://cdn.livechatinc.com https://api.livechatinc.com https://pureinfluencer.idrove.it https://assets.adobedtm.com https://www.youtube.com/ 'sha256-IXwUgYQlz6whdqY9fAsuWm5tF3a/48gpSOx/RrJVM2M=' 'sha256-ZmOqvxu/SYXtKMZjkegWCZv0fNWqYPMIAbkDSAFd9HQ=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-mIJsOQOBL5URHW6ppIPLOp054yHEgxgh+tumu3VW4uY=' 'sha256-L6GTuf9tzJT4M/eRPyT9q18L0UnaWdBIpW2kYl6Fkwk=' 'sha256-IdzrL+27mccklOzBWVvXNgfZ8D6HIFjn7Y46BiYZxTY=' 'sha256-5Cz4ZsI1P9g7z/hqtco8MVFsPeuN1kkADoDE9KE5Nzw=' 'sha256-gJR8nYIj9BIisULplpuG6AU6/3PMeA+ZN5sISuG7Roc=' 'sha256-73tOv4V0QRBLpWjCPRThujEhdW5bB4Hx1uA8jBszxUQ=' 'sha256-zCzIA5Bv5v0Y/u686kOREhia31pT64lCSWPLez72SsI=' 'sha256-2sDhctfJAd53/P/qWSTE71aWvnK2vYVrDmF3P2a5yC0=' 'sha256-g6+9PI/TlodFbDrCPHRXzigoOKGKtu3pJ7F2bPLWRQ0=' 'sha256-7PyrcA0NOMOO1UolfxOEr0a+ClC2NRZZopOV0aDnqTc=' 'sha256-7sUD0rKPq7QkPTkJQIxh29ga8KBXgV/+rXHtn0jzPRg=' 'sha256-ULRvWsXdAu0tZgP5Lm/YcdG09i5xDrD0FTeK0+8+LDY=' 'sha256-ykJUQ34Vs5aGtiZ8/Y/3jk7xHgXHFFdobPe/XpUPwbU=' 'sha256-z8P9D8SlqjFhTbJlsocGwGVQPS1kjtDPFseU75brggM=' 'sha256-V685dp7Jpv93B7VcKE2er/ZlyPI5HIRWk2E6qllmjeY=' 'sha256-U7/M8TKZhT8DWAhD2RL1hr60w7H1i+GRfNYe7iOJMfE=' 'sha256-nOc3LegX/8ADmYdGC1d7ig0o995pVq2rfz34uz28tTo=' 'sha256-/XghktC/jSbJ/rP3BqRv6WKIGjlfgmVSGsI6nJAo5qw=' 'sha256-ae9Y2uLK/1m5oiL4aIDKOSYBXCHA/9LjsjAQ5a+qjd4='; img-src 'self' data: https://*.krxd.net https://www.facebook.com https://*.adsrvr.org https://maps.googleapis.com https://www.google.com https://www.google.co.in https://www.google.ca https://ups.analytics.yahoo.com https://cm.g.doubleclick.net https://*.mipulse.co https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com http://report.mitsubishicars.com https://cdn.cookielaw.org; frame-src 'self' data: https://www.facebook.com https://8715429.fls.doubleclick.net https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://mitsubishi1.solution.weborama.fr https://*.krxd.net https://td.doubleclick.net https://*.mipulse.co https://secure.livechatinc.com; connect-src 'self' https://cdn.cookielaw.org https://stats.g.doubleclick.net https://*.onetrust.com https://analytics.google.com https://pagead2.googlesyndication.com https://*.mipulse.co https://maps.googleapis.com/ https://www.google-analytics.com https://api.livechatinc.com https://pureinfluencer-api.idrove.it https://pro.ip-api.com https://rts-api.idrove.it; media-src 'self' data: https://*.mipulse.co https://cdn.livechatinc.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-XejzpIl_UhNxEoW3qAc9PQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-17054f155409406fb25a23b01ad5ae09' https://Health-Hub.org.au 'self';img-src https://* 'self' blob: data:;style-src https://Health-Hub.org.au 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: unpkg.com github.com *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.fontawesome.com *.google-analytics.com *.cloudflare.com *.facebook.net browser-update.org *.adnsxs.com *.googletagmanager.com *.doubleclick.net *.licdn.com *.adnxs.com *.clearbitjs.com *.bootstrapcdn.com *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.youtube.com *.cookielaw.org; style-src 'self' 'unsafe-inline' *.google-analytics.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net; img-src 'self' data: *.linkedin.com *.clearbitjs.com *.facebook.com *.adnxs.com *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.cookielaw.org *.googletagmanager.com; frame-src 'self' data: *.doubleclick.net *.google.com *.youtube.com *.youtube-nocookie.com; font-src 'self' data: *.fontawesome.com; connect-src 'self' *.fontawesome.com *.google-analytics.com *.doubleclick.net *.oribi.io *.cookielaw.org *.onetrust.com *.linkedin.com *.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1 object-src 'none';base-uri 'self';script-src 'nonce-OK7aycDI29bsPmcQW1P14w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.genesismotorsusa.com fast.fonts.com *.2o7.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.stripe.com *.google.com *.opayo.eu.elavon.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com *.stripe.com *.google.com/ *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw https://player.vimeo.com https://widget.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://secure.livechatinc.com *.klarna.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://bat.bing.com https://cdn.livechatinc.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.magezon.com maps.gstatic.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com *.google.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com https://www.googletagmanager.com https://chimpstatic.com http://widget.trustpilot.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com https://www.gstatic.com http://bat.bing.com https://cdn.livechatinc.com https://secure.livechatinc.com https://js-agent.newrelic.com https://bam-cell.nr-data.net *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com player.vimeo.com maps.googleapis.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.stripe.com *.google.com downloads.mailchimp.com *.opayo.eu.elavon.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src https://cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://envisagedigital.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 base-uri 'self';connect-src 'self' google.com *.google.com maps.googleapis.com metrics.hotjar.io analytics.google.com www.googletagmanager.com www.google-analytics.com www.google.com.br *.holofy.io *.outbrain.com *.oribi.io *.pinterest.com *.doubleclick.net *.tiktok.com *.facebook.com;default-src 'self' fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com *.youtube.com *.ffid.io *.pinterest.com *.facebook.com;form-action 'self' *.facebook.com;img-src 'self' cury.net homolog.cury.net app.cury.net www.google.com www.google.com.br data: *.linkedin.com *.pinterest.com *.facebook.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' www.googletagmanager.com;script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.facebook.net *.tiktok.com *.outbrain.com *.pinimg.com *.doubleclick.net static.hotjar.com *.googleapis.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net *.ffid.io *.onesignal.com onesignal.com *.cloudfront.net *.gaconnector.com *.ubembed.com *.snap.licdn.com *.fulfilling.io snap.licdn.com *.theskill.store 'nonce-C6D4SyolCtmo3TOWL1RG8OvMIeH0UD0j';script-src-attr 'unsafe-inline';style-src 'self';style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com cdn.datatables.net *.theskill.store 'nonce-C6D4SyolCtmo3TOWL1RG8OvMIeH0UD0j';style-src-attr 'unsafe-inline';frame-ancestors 'self';upgrade-insecure-requests 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: https://cloudflare.com https://twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://*.googleapis.com *.googletagmanager.com https://www.bootstrapcdn.com *.yotpo.com https://mobicred.co.za https://app.mobicredwidget.co.za https://static.hotjar.com https://script.hotjar.com https://online.fliphtml5.com/ data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://secure.paygate.co.za/payweb3/process.trans *.cardinalcommerce.com *.paypal.com https://twitter.com *.facebook.com https://*.googleapis.com *.googletagmanager.com https://mobicred.co.za https://app.mobicredwidget.co.za https://static.hotjar.com https://script.hotjar.com https://online.fliphtml5.com/ 'self' 'unsafe-inline'; frame-ancestors https://*.gelmar.co.za https://mobicred.co.za https://app.mobicredwidget.co.za https://static.hotjar.com https://script.hotjar.com https://online.fliphtml5.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com https://twitter.com https://www.google.com https://www.google.co.in https://*.googleapis.com *.googletagmanager.com https://www.facebook.com https://bid.g.doubleclick.net https://vars.hotjar.com https://mobicred.co.za https://app.mobicredwidget.co.za https://gelmra.everlytic.net https://static.hotjar.com https://script.hotjar.com https://online.fliphtml5.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com *.cloudflare.com https://www.google.com https://www.google.co.za https://google.co.in https://www.facebook.com *.klarna.com https://googleadservices.com https://www.google-analytics.com https://*.googleapis.com *.googletagmanager.com https://paypal.com https://twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://mobicred.co.za https://app.mobicredwidget.co.za https://widgets.payflex.co.za https://online.fliphtml5.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com s7.addthis.com *.avada.io www.facebook.com graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.what3words.com *.cloudflare.com https://twitter.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.googleoptimize.com https://*.googleapis.com *.twimg.com https://gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net https://paypalobjects.com https://paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://mobicred.co.za https://app.mobicredwidget.co.za https://widgets.payflex.co.za https://online.fliphtml5.com/ https://partpayassets.blob.core.windows.net/widgets/ppQuery-3.2.1.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com unsafe-inline tagmanager.google.com fonts.googleapis.com *.cloudflare.com https://*.googleapis.com https://twitter.com *.google.co.in *.googletagmanager.com *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com https://www.bootstrapcdn.com https://mobicred.co.za https://app.mobicredwidget.co.za https://static.hotjar.com https://script.hotjar.com https://online.fliphtml5.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.what3words.com *.cloudflare.com https://twitter.com https://paypal.com *.twimg.com https://google.com https://google.co.in https://*.googleapis.com *.googletagmanager.com https://facebook.com https://stats.g.doubleclick.net https://mobicred.co.za https://app.mobicredwidget.co.za https://analytics.google.com https://static.hotjar.com https://script.hotjar.com https://online.fliphtml5.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: *.retailcrm.tech https://geowidget.easypack24.net *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de magento-cloudflare.jetrails.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com secure.payu.com merch-prod.snd.payu.com *.twitter.com *.googletagmanager.com *.facebook.com *.aquamonkey.pl.local *.aquamonkey.pl *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com aquapolis.ua aquapolis.ru *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.ua *.paypal.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.fontawesome.com *.retailcrm.tech *.facebook.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://cdn.polyfill.io https://browser.sentry-cdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com secure.payu.com secure.snd.payu.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.unpkg.com *.retailcrm.tech *.googletagmanager.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org https://static.payu.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu data: *.retailcrm.tech *.easypack24.net https://geowidget.easypack24.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src aquapolis.ua aquapolis.ru https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.ingest.sentry.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com secure.payu.com merch-prod.snd.payu.com *.cloudflare.com *.google-analytics.com *.doubleclick.net *.google.com *.twitter.com *.paypal.com *.twimg.com *.retailcrm.tech *.googletagmanager.com *.facebook.com *.newrelic.com *.nr-data.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.efpa.es api.locize.app maxcdn.bootstrapcdn.com ka-f.fontawesome.com; img-src efpa.es *.efpa.es 'self' data: 'self'; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com *.fontawesome.com fonts.googleapis.com data: 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com; object-src 'self'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com/ data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.dotdigital.com *.klarna.com *.doubleclick.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com 'self' data: *.mailchimp.com tracking.qa.paypal.com seal-seflorida.bbb.org x.klarnacdn.net *.playground.klarnaevt.com bat.bing.com *.google.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net tags.w55c.net *.cookielaw.org www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.googleapis.com www.google.com *.gstatic.com *.cookielaw.org *.onetrust.com *.mailchimp.com *.paypal.com *.paypalobjects.com mc.us10.list-manage.com seal-seflorida.bbb.org tagmanager.google.com gstatic.com x.klarnacdn.net js.playground.klarna.com js.klarna.com bat.bing.com *.trackedlink.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.gstatic.com *.mailchimp.com seal-seflorida.bbb.org *.google.com *.google.de fast.fonts.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.adyen.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ t.elasticsuite.io *.google-analytics.com *.cookielaw.org *.onetrust.com *.klarnaevt.com bat.bing.com *.doubleclick.net maps.googleapis.com *.analytics.google.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.fixando.com/ https://cdn.fixando.com/ https://pics.fixando.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.googleadservices.com/ https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://adservice.google.com.pk/ https://adservice.google.com.br/ https://adservice.google.com.py/ https://adservice.google.com.do/ https://adservice.google.com/ https://adservice.google.pt/ https://adservice.google.nl/ https://adservice.google.cl/ https://adservice.google.it/ https://adservice.google.pl/ https://adservice.google.no/ https://adservice.google.fr/ https://adservice.google.bg/ https://adservice.google.es/ https://adservice.google.se/ https://adservice.google.be/ https://adservice.google.de/ https://adservice.google.ch/ https://adservice.google.hu/ https://adservice.google.ie/ https://adservice.google.lu/ https://adservice.google.ru/ https://adservice.google.be/ https://adservice.google.co.uk/ https://adservice.google.co.ao/ https://adservice.google.co.in/ https://partner.googleadservices.com/ https://maps.googleapis.com/ https://optimize.google.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://pubads.g.doubleclick.net/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.facebook.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.jsdelivr.net/ https://static.zdassets.com/ https://d2wy8f7a9ursnm.cloudfront.net/ https://apis.google.com/ https://tagmanager.google.com/ https://accounts.google.com/ https://www.paypal.com/ https://cdn.socket.io/ https://widget.trustpilot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bucket.cdnwebcloud.com https://bat.bing.com https://www.clarity.ms https://www.google.com https://*.outbrain.com 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.addthis.com http://*.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ 'self' data: https://www.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://eb2.3lift.com https://ib.adnxs.com https://*.adroll.com http://*.adroll.com https://*.bidswitch.net https://dsum-sec.casalemedia.com https://www.google.com.au https://www.google.com.vn https://idsync.rlcdn.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.outbrain.com https://image2.pubmatic.com https://sync.taboola.com https://ups.analytics.yahoo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.addthis.com http://*.addthis.com https://v1.addthisedge.com https://*.adroll.com http://*.adroll.com https://t.cfjump.com https://static.hotjar.com http://static.hotjar.com https://script.hotjar.com https://*.newrelic.com https://z.moatads.com https://widgets.pinterest.com http://widgets.pinterest.com https://analytics.tiktok.com https://cfjump.windsorsmith.com.au https://static.zdassets.com https://v2.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com static.afterpay.com/ *.squarecdn.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://s.adroll.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://stats.g.doubleclick.net *.googlesyndication.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://*.addthis.com http://*.addthis.com https://*.adroll.com http://*.adroll.com https://static.hotjar.com http://static.hotjar.com https://analytics.tiktok.com https://*.zdassets.com https://windsorsmith.zendesk.com https://bam.nr-data.net https://vc.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com https://vars.hotjar.com/ https://www.facebook.com/ https://ct.pinterest.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com static.przelewy24.pl www.gstatic.com gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.pl/ https://www.google.com/ https://www.facebook.com/ https://ct.pinterest.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.avada.io https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ https://static.cloudflareinsights.com/ https://connect.facebook.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://s.pinimg.com/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline *.typekit.net *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io https://region1.analytics.google.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://vc.hotjar.io/ https://in.hotjar.com/ https://content.hotjar.io/ https://ct.pinterest.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.google.com *.doubleclick.net *.facebook.com js.mollie.com niko-prd-ssm-front.azurewebsites.net *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.mollie.com *.koongo.com *.google.pt *.google.be *.google.com.tr *.bing.com maps.googleapis.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com js.mollie.com static.hotjar.com *.bing.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app *.trustpilot.com tm.tradetracker.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://*.ingest.sentry.io ekr.zdassets.com/ *.koongo.com stats.g.doubleclick.net maps.googleapis.com gtmadapter-node-cbjg5cz5hq-ew.a.run.app 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com www.eldorado.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.eldorado.net 'self' 'unsafe-inline'; frame-ancestors www.eldorado.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.eldorado.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk http://new.eldorado.net https://new.eldorado.net http://www.googleadservices.com http://www.google-analytics.com http://www.paypal.com http://www.paypalobjects.com www.eldorado.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://tag.getdrip.com https://api.getdrip.com https://www.googletagmanager.com https://ajax.cloudflare.com https://www.google-analytics.com *.eldorado.net *.avada.io www.eldorado.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com www.eldorado.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.eldorado.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com/ www.eldorado.net 'self' 'unsafe-inline'; child-src www.eldorado.net http: https: blob: 'self' 'unsafe-inline'; default-src www.eldorado.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com account.fetchify.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com landofcoder.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com cc-cdn.com *.klarnacdn.net maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com landofcoder.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://buttons-config.sharethis.com/js/5c8fc42e1c07550011f24f4d.js https://cdn.mouseflow.com/projects/d085fd17-28ad-4907-af37-b6a3b9b66963.js https://connect.facebook.net/en_US/fbevents.js https://consent.trustarc.com/v2/notice/5eaplw https://count-server.sharethis.com/v2.0/get_counts https://dl.episerver.net/13.5.7/epi-util/find.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/656808352/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/v2/5177788/banner.js https://js.hs-scripts.com/5177788.js https://js.hsadspixel.net/fb.js https://js.hsforms.net/forms/v2.js https://js.hsleadflows.net/leadflows.js https://platform-api.sharethis.com/js/sharethis.js https://pregiseu.mpeasylink.com/mpel/mpel.js https://s3.amazonaws.com/beacon.pmmimediagroup.com/prod/script.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.cloudflareinsights.com/beacon.min.js https://t.sharethis.com/1/d/t.dhj https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/iRvKkcsnpNcOYYwhqaQxPITz/recaptcha__en.js https://www.webtraxs.com/wt.php https://www.youtube.com/s/player/ https://www.googletagmanager.com/gtag/js https://secure.leadforensics.com/js/63143.js http://platform-api.sharethis.com/js/sharethis.js https://secure.leadforensics.com/js/63143.js http://pregiseu.mpeasylink.com/mpel/ https://connect.facebook.net/signals/ https://ssl.google-analytics.com/ga.js https://www.youtube.com/iframe_api http://www.pagespeed-mod.com/v1/ https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854; style-src 'report-sample' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://pregiseu.mpeasylink.com https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com https://api.hubapi.com https://consent-reporting.trustarc.com https://consent.trustarc.com https://dc.services.visualstudio.com https://forms.hsforms.com https://forms.hubspot.com https://l.sharethis.com https://prospector.pmmimediagroup.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://cdn.linkedin.oribi.io/partner/; font-src 'self' data: https://cdnjs.cloudflare.com https://consent.trustarc.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src 'self' https://massinteract.com https://pregiseu.mpeasylink.com https://t.sharethis.com https://www.google.com https://www.youtube.com https://www.facebook.com; img-src 'self' data: https://analytics.convertlanguage.com https://consent-pref.trustarc.com https://consent.trustarc.com https://forms-na1.hsforms.com https://forms.hsforms.com https://l.sharethis.com https://platform-cdn.sharethis.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.webtraxs.com https://connect.facebook.net https://5177788.fs1.hubspotusercontent-na1.net/hubfs/5177788/; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com cdn.checkout.com *.global-e.com *.bglobale.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.bglobale.com *.global-e.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.global-e.com *.newrelic.com *.bglobale.com https://a.klaviyo.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.paypal.com *.bglobale.com *.global-e.com *.newrelic.com *.nr-data.net https://unpkg.com https://static.klaviyo.com https://fast.a.klaviyo.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.bglobale.com *.global-e.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.paypalobjects.com *.nr-data.net *.newrelic.com https://static.klaviyo.com https://fast.a.klaviyo.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://cdn.doofinder.com/ *.fontawesome.com https://leaderplant.localhost preprod-www.leaderplant.com www.leaderplant.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://www.facebook.com/ 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://sibautomation.com/ *.criteo.net *.criteo.com *.youtube-nocookie.com https://leaderplant.localhost https://www.googletagmanager.com/ www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.leaderplant.com https://c.clarity.ms/ https://exchange.mediavine.com/ https://id5-sync.com/ https://matching.ivitrack.com/ https://beacon.krxd.net/ https://s.thebrighttag.com/ log.pinterest.com *.adnxs.com eb2.3lift.com contextual.media.net sync.outbrain.com sync-t1.taboola.com r.casalemedia.com cm.g.doubleclick.net us-u.openx.net pixel.rubiconproject.com *.yahoo.com s.ad.smaato.net criteo-sync.teads.tv *.criteo.com ad.yieldlab.net *.adscale.de ad.360yield.com cm.adform.net match.sharethrough.com rtb-csync.smartadserver.com x.bidswitch.net idsync.rlcdn.com ums.acuityplatform.com visitor.omnitagjs.com simage2.pubmatic.com pixel.advertising.com *.stickyadstv.com *.yieldmo.com *.impact-ad.jp *.lemmatechnologies.com *.mathtag.com *.brightmountainmedia.com *.postrelease.com *.e-planning.net *.liadm.com *.bing.com *.tremorhub.com *.smartclip.net *.clmbtech.com *.ipredictive.com *.fwmrm.net *.sundaysky.com *.admedo.com *.tribalfusion.com *.google.fr *.ad-stir.com leaderplant.localhost preprod-www.leaderplant.com www.leaderplant.com *.bird.eu maps.googleapis.com maps.gstatic.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://js-agent.newrelic.com/ https://sdk.privacy-center.org/ https://bam.eu01.nr-data.net/ https://bat.bing.com/ https://sibautomation.com/ https://cdn.doofinder.com/ https://www.clarity.ms/ https://m.addthis.com https://assets.pinterest.com https://kit.fontawesome.com *.criteo.net *.criteo.com maps.googleapis.com leaderplant.localhost preprod-www.leaderplant.com www.leaderplant.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com https://cdn.doofinder.com/ *.fontawesome.com https://leaderplant.localhost preprod-www.leaderplant.com www.leaderplant.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://eu1-layer.doofinder.com/ https://in-automate.sendinblue.com/ https://j.clarity.ms/ https://bam.eu01.nr-data.net/ *.addthis.com maps.googleapis.com leaderplant.localhost preprod-www.leaderplant.com www.leaderplant.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.leaderplant.com/; report-to report-endpoint; 1 report-uri /-/csp_report?report_only=true; script-src 'self' 'unsafe-inline' 'report-sample' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://js.stripe.com https://recordwidget.vimeocdn.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; frame-src 'self' blob: https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://*.sharepoint.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://js.stripe.com https://recordwidget.vimeocdn.com https://pixel.asana.com https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'self'; plugin-types application/pdf; base-uri 'none', report-uri /-/csp_report?report_only=true; script-src https: 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-gwlzvm891zu9xhmcuau2p39or' 1 object-src 'none';base-uri 'self';script-src 'nonce-WchMs7Ut4GPqQOaryH5IlQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.google.com https://*.geetest.com https://*.geevisit.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.coincatch.com https://*.coincatch.cc https://*.bgbstatic.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com https://partner.googleadservices.com https://*.adsrvr.org https://static.ads-twitter.com https://*.glassgs.com https://wcs.naver.net https://*.zendesk.com; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://*.google.com https://*.coincatch.com wss://*.coincatch.com https://*.coincatch.cc wss://*.coincatch.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bgbstatic.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com https://www.tradingview.com https://api.tronstack.io wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com wss://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.coincatch.com https://*.geetest.com https://*.geevisit.com https://*.zendesk.com wss://*.zendesk.com https://ekr.zdassets.com https://static.zdassets.com https://bat.bing.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.hotjar.com wss://*.hotjar.com https://connect.facebook.net https://analytics.pangle-ads.com https://partner.googleadservices.com https://*.gstatic.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://*.adsrvr.org https://wcs.naver.net https://wcs.naver.com https://static.ads-twitter.com; frame-src 'self' 'report-sample' blob: data: https://*.coincatch.com https://*.coincatch.cc https://*.google.com https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://gateway.95516.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://tpc.googlesyndication.com https://*.glassgs.com https://*.adsrvr.org https://*.adsrvr.cn; frame-ancestors 'self'; report-uri https://65266bb9a5a15fa1ff36a6b6.endpoint.csper.io?v=8; 1 default-src *.irideos.it *.clouditalia.com 'self' cdnjs.cloudflare.com 'unsafe-inline' cdn.datatables.net www.googletagmanager.com *.cookiebot.com *.google-analytics.com fonts.gstatic.com code.ionicframework.com *.googleapis.com www.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.kolst.com code.jquery.com netdna.bootstrapcdn.com *.matomo.cloud; report-to csp~www.kolst.com 1 object-src 'none';base-uri 'self';script-src 'nonce-QLKWhIWQkwYUP_Y99rXzhQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-kI5Z61C_de3D20cLFBPWHw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--m4qEcAU5Sf4Wg-Hk_g6TQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.apotheka.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net rx.apotheka.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.apotheka.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.apotheka.ee http: https: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com checkout.tabby.ai www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com unsafe-inline assets.braintreegateway.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://ssl.ingersoll-imc.com https://www.google-analytics.com https://platform.twitter.com https://www.googletagmanager.com https://wpcc.io; style-src 'self' 'unsafe-inline' http://ssl.ingersoll-imc.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://wpcc.io https://cdn.websitepolicies.io; img-src 'self' https://ssl.ingersoll-imc.com https://www.google-analytics.com https://syndication.twitter.com https://stats.g.doubleclick.net; connect-src 'self' https://syndication.twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' https://ssl.ingersoll-imc.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src https://platform.twitter.com https://syndication.twitter.com; report-uri https://report.ingersoll-imc.com 1 report-uri /-/csp_report?report_only=true; script-src 'self' 'unsafe-inline' 'report-sample' https://ssl.gstatic.com https://apis.google.com https://accounts.google.com/gsi/client https://d3ki9tyy5l5ruj.cloudfront.net https://d1gwm4cf8hecp4.cloudfront.net https://d1a3usp4brejtz.cloudfront.net https://d3u0af8znnrzzj.cloudfront.net https://d2y3xhxlqzgfzh.cloudfront.net https://oauth.googleusercontent.com https://app.box.com https://platform.twitter.com https://connect.facebook.net https://platform.harvestapp.com https://www.google.com https://docs.google.com https://www.gstatic.com https://www.dropbox.com https://www.paypal.com/sdk/js https://js.stripe.com https://recordwidget.vimeocdn.com https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; frame-src 'self' blob: https://www.figma.com https://*.invisionapp.com https://invis.io https://miro.com https://whimsical.com https://www.loom.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://www.canva.com https://xd.adobe.com https://*.looker.com https://lucid.app https://*.okta.com https://*.sharepoint.com https://accounts.google.com https://accounts.google.com/gsi/ https://content.googleapis.com https://www.google.com https://docs.google.com https://fast.wistia.net https://www.dropbox.com https://platform.harvestapp.com https://forms.asana.plus https://forms-server.asana.plus https://local.asana.com https://asana.com https://apisandbox.zuora.com https://test.zuora.com https://www.zuora.com https://www.sandbox.paypal.com https://www.paypal.com https://js.stripe.com https://recordwidget.vimeocdn.com https://pixel.asana.com https://d3ki9tyy5l5ruj.cloudfront.net https://prod-eu1.app.asana.com https://prod-au1.app.asana.com https://prod-jp1.app.asana.com https://cdn.cookielaw.org https://form.asana.com https://form-beta.asana.com https://form-stag.luna-s.org https://localhost.asana.com:3000 https://861-iiv-735.mktoweb.com https://resources.asana.com https://ccwizard.vertexsmb.com; worker-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; child-src 'self' blob: https://d3ki9tyy5l5ruj.cloudfront.net; object-src 'self'; plugin-types application/pdf; base-uri 'none', report-uri /-/csp_report?report_only=true; script-src https: 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-ny8lgommyi4xjza5oe7uwizv3' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.zendesk.com cdnjs.cloudflare.com cdn.cookielaw.org netdna.bootstrapcdn.com *.facebook.net static.addtoany.com media.dtc-icp.io cdn.jsdelivr.net static.zdassets.com ekr.zdassets.com www.googletagmanager.com cdn.appsflyer.com js-agent.newrelic.com bam.nr-data.net *.onetrust.com get.geojs.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.sooqr.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.sooqr.com js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://cdn.jsdelivr.net *.sooqr.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.ingest.sentry.io ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.google.com *.fbcdn.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.avada.io api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.google.com *.kxcdn.com https://cs.iubenda.com/ https://cdnjs.cloudflare.com/ downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com https://hits-i.iubenda.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://token.tuna-demo.uy https://token.tunagateway.com https://engine.tunagateway.com/ https://sandbox.tuna-demo.uy *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com ssl.ditonlinebetalingssystem.dk *.trustpilot.com *.cookieinformation.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.facebook.com *.sleeknote.com https://cdn.clerk.io maps.googleapis.com *.googleapis.com maps.gstatic.com *.klarna.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.sleeknote.com *.clerk.io *.tryggehandel.net *.facebook.net *.trustpilot.com *.emaerket.dk *.cookieinformation.com https://api.clerk.io https://cdn.clerk.io maps.googleapis.com *.klarna.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com fonts.gstatic.com unsafe-inline *.googleapis.com *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.obsidian.dk *.facebook.net *.facebook.com *.cookieinformation.com *.doubleclick.net *.google.com *.googlesyndication.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com fonts.googleapis.com *.googleapis.com *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu www.google.com https://www.googletagmanager.com/ https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com https://*.gestpay.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com downloads.mailchimp.com https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.dnafactory.it https://*.dnalab.online https://*.cloudflare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.dnafactory.it https://*.dnalab.online https://*.google.com https://google.com https://*.google-analytics.com https://*.cloudflare.com https://*.trustpilot.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://click.dracherie.com.br https://static.sizebay.technology *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://static.omni.chat/ https://bid.g.doubleclick.net/ https://forms.office.com/ https://sdk.mimo.com.br/ https://click.dracherie.com.br https://www.facebook.com https://www.google.com/ https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://www.google.com https://www.google.com.br https://www.facebook.com https://click.dracherie.com.br https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.omni.chat/ https://nowlink.it/ https://connect.facebook.net https://googleads.g.doubleclick.net https://static.sizebay.technology https://vfr-v3-production.sizebay.technology https://click.dracherie.com.br https://js-agent.newrelic.com https://bam.nr-data.net https://stc.pagseguro.uol.com.br https://stc.sandbox.pagseguro.uol.com.br *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://click.dracherie.com.br https://static.sizebay.technology https://vfr-v3-production.sizebay.technology *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src https://click.dracherie.com.br 'self' 'unsafe-inline'; media-src https://click.dracherie.com.br 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.paypal.com/xoplatform/logger/api/logger https://analytics.google.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://vfr-v3-production.sizebay.technology https://bam.nr-data.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.weltpixel.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline https://fonts.googleapis.com releva.ai *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; connect-src assets.adobedtm.com adobe.com googleads.g.doubleclick.net analytics.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com t.paypal.com s.ytimg.com vimeo.com vimeocdn.com youtube.com facebook.com connect.facebook.net graph.facebook.com avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com paypal.com releva.ai google.com gstatic.com tagmanager.google.com https://v2.zopim.com/?5jrbNgL7Q4MFVkTN5xFdeRBR3iV8JmSM www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com www.googleapis.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.google.com *.gstatic.com https://www.googletagmanager.com https://static.zdassets.com/ekr/asset_composer.js https://*.ingest.sentry.io https://get.geojs.io ekr.zdassets.com https://zdassets.com/ zdassets.com https://stats.g.doubleclick.net/j/collect stats.g.doubleclick.net/j/collect stats.g.doubleclick.net widget-mediator.zopim.com zopim.com dpm.demdex.net amcglobal.sc.omtrdc.net geo.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.klarnaevt.com *.avada.io *.braintree-api.com *.paypal.com localhost t.elasticsuite.io *.google-analytics.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com adobe.com googleads.g.doubleclick.net analytics.google.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com t.paypal.com s.ytimg.com vimeo.com vimeocdn.com youtube.com facebook.com connect.facebook.net graph.facebook.com avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com paypal.com releva.ai google.com gstatic.com tagmanager.google.com https://v2.zopim.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com www.googleapis.com www.vimeo.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com .avada.io *.google.com *.gstatic.com https://www.googletagmanager.com https://ekr.zdassets.com/compose/zopim_chat/5jrbNgL7Q4MFVkTN5xFdeRBR3iV8JmSM https://static.zdassets.com/ekr/asset_composer.js https://*.ingest.sentry.io https://get.geojs.io ekr.zdassets.com/compose/zopim_chat/5jrbNgL7Q4MFVkTN5xFdeRBR3iV8JmSM ekr.zdassets.com *ekr.zdassets.com* https://zdassets.com/ zdassets.com wss://widget-mediator.zopim.com *.adobe.com *.vimeocdn.com *.youtube.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.klarna.com *.klarnacdn.net *.avada.io *.paypal.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; 1 object-src 'none';base-uri 'self';script-src 'nonce-01-PlsSoJw2NEg_GvzwuWQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudflare.com *.bootstrapcdn.com data: maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.fontawesome.com *.avada.io connect.facebook.net twitter.com platform.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://www.sandbox.paypal.com https://www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net assets.adobedtm.com *.doubleclick.net *.everesttech.net *.googleadservices.com adservice.google.com *.googleapis.com *.facebook.com cdnjs.cloudflare.com *.gstatic.com *.omtrdc.net www.google.com *.cloudfront.net www.googletagmanager.com *.demdex.net static.addtoany.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com cdn1.stamped.io stamped.io *.fontawesome.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.nosto.com *.nos.to js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ player.vimeo.com cdn1.stamped.io stamped.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.nosto.com *.nos.to https://static.klaviyo.com cdn1.stamped.io stamped.io *.fontawesome.com unsafe-inline assets.braintreegateway.com *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klarnaevt.com *.nosto.com *.nos.to https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ cdn1.stamped.io stamped.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.bootstrapcdn.com *.cloudflare.com *.gstatic.com data: maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.realexpayments.com www.facebook.com *.adyen.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.vimeo.com *.hotjar.com www.facebook.com mention-me.com coals2u.mention-me.com *.coals2u.co.uk *.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com optimize.google.com *.weltpixel.com www.xtento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.google-analytics.com *.google.com *.google.co.uk *.klarna.com *.paypal.com *.adnxs.com *.bing.com *.clarity.ms www.facebook.com *.adyen.com *.gstatic.com *.googleapis.com *.trackedlink.net www.xtento.com cdn.xtento.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.fontawesome.com *.google.com *.google.co.uk *.google-analytics.com *.gstatic.com www.facebook.com *.feefo.com *.hotjar.com *.moatads.com *.adnxs.com *.webgains.io *.addthisedge.com *.bing.com *.facebook.net *.clarity.ms static.mention-me.com tag.mention-me.com *.coals2u.co.uk *.newrelic.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal googleoptimize.com *.getflowbox.com www.xtento.com cdn.xtento.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com optimize.google.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bootstrapcdn.com *.cloudflare.com *.google-analytics.com *.paypal.com *.paypalobjects.com *.pcapredict.com *.sandbox.paypal.com *.feefo.com *.hotjar.com www.facebook.com *.mention-me.com *.bronto.com *.brontops.com *.clarity.ms *.adyen.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.getflowbox.com webchat.dotdigital.com webchat.staging.dotdigital.com *.ideal-postcodes.co.uk connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: client.crisp.chat *.googleapis.com edge.fullstory.com *.facebook.net *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com www.googletagmanager.com rs.fullstory.com *.gstatic.com www.google.com www.google-analytics.com ssl.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 script-elem-src addwish.com *.hotjar.com; font-src *.cloudflare.com *.bootstrapcdn.com *.flixfacts.com *.flixcar.com *.bricks.plus *.vimeo.com core.helloretail.com *.addwish.com cloud.misterbricks.nl *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.flixcar.com *.bricks.plus *.vimeo.com *.cloudfront.net *.google.com core.helloretail.com *.hotjar.com www.facebook.com cloud.misterbricks.nl *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cloudflare.com *.cloudfront.net *.flixcar.com *.flixfacts.com *.flix360.com *.bricks.plus *.vimeo.com *.google.com *.google.nl core.helloretail.com *.addwish.com www.facebook.com *.facebook.net *.hipex.cloud cloud.misterbricks.nl connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.fontawesome.com *.flixfacts.com *.flixcar.com *.flix360.com *.flix360.io *.bricks.plus *.googletagmanager.com *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.addwish.com addwish.com *.cloudfront.net core.helloretail.com *.doubleclick.net *.hotjar.com *.hotjar.io www.facebook.com *.facebook.net cloud.misterbricks.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io js.mollie.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.cloudfront.net *.fontawesome.com *.bootstrapcdn.com *.flixcar.com *.bricks.plus *.vimeo.com core.helloretail.com *.addwish.com addwish.com cloud.misterbricks.nl cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bricks.plus *.vimeo.com *.akamaized.net core.helloretail.com *.addwish.com cloud.misterbricks.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.cloudflare.com *.cloudfront.net *.amazonaws.com *.plyr.io *.analytics.google.com *.google-analytics.com *.doubleclick.net *.nr-data.net *.addwish.com core.helloretail.com *.hotjar.com *.flix360.io cloud.misterbricks.nl *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.misterbricks.nl/; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com analytics.google.com *.facebook.net *.googleapis.com *.facebook.com www.google.co.id *.doubleclick.net www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com consentcdn.cookiebot.com consentcdn.cookiebot.eu https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.criteo.com *.criteo.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com *.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.bing.com *.cloudfront.net 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ consent.cookiebot.com consent.cookiebot.eu *.facebook.net http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://popedapi.packoplock.se *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.clarity.ms *.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com consentcdn.cookiebot.com consentcdn.cookiebot.eu *.facebook.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://popedapi.packoplock.se *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.clarity.ms *.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.facebook.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src hyper2pay.com *.criteo.com *.criteo.net *.packoplock.se *.packoplock.no *.napakka.fi *.husted-emballage.dk *.nordahl.se *.cloudfront.net *.clarity.ms *.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.facebook.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://8613cf7b5aa49eb161c6c41823830d87.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src https://*.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: https://belco-prod.s3-eu-central-1.amazonaws.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com https://cdn.belco.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://*.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com wss://chat.belco.io https://cdn.belco.io 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self' 'unsafe-inline'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.gstatic.com 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com getfirebug.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com assets.adobedtm.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; font-src youtube.com maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.payplug.com secure.payplug.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.payplug.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com ekr.zdassets.com/ http://dpm.demdex.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.instagram.com *.google.com/ *.doubleclick.net *.facebook.com *.tawk.to *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com * *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.instagram.com *.google.com/ *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com chimpstatic.com downloads.mailchimp.com *.list-manage.com * *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src-elem *.omtrdc.net embed.sendcloud.sc *.gstatic.com chimpstatic.com *.google.com vapo.indvp.com *.google-analytics.com apis.google.com widget.trustpilot.com invitejs.trustpilot.com assets.adobedtm.com paypal.com web-sdk.aptrinsic.com *.demdex.net *.zdassets.com *.redsys.es *.sequracdn.com; font-src *.fontawesome.com maxcdn.bootstrapcdn.com cdn.vapo.es *.omtrdc.net *.redsys.es 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.vivapayments.com *.redsys.es *.sequracdn.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.sendcloud.sc widget.trustpilot.com embed.sendcloud.sc *.redsys.es *.sequracdn.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es cdn.vapo.es sis.redsys.es amasty.com cdn.klarna.com *.aptrinsic.com *.sequracdn.com *.demdex.net *.omtrdc.net *.redsys.es *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.vivapayments.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.sendcloud.sc google.com googleadservices.com google-analytics.com paypal.com sandbox.paypal.com paypalobjects.com youtube.com gstatic.com apis.google.com static.zdassets.com ekr.zdassets.com widget.trustpilot.com invitejs.trustpilot.com vapo.zendesk.com ajax.cloudflare.com cdn.vapo.es https://*.googletagmanager.com js-agent.newrelic.com chimpstatic.com embed.sendcloud.sc *.aptrinsic.com *.sequracdn.com *.redsys.es 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com cdn.vapo.es fonts.googleapis.com *.aptrinsic.com *.sequracdn.com *.demdex.net *.omtrdc.net *.redsys.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com static.zdassets.com ekr.zdassets.com vapo.zendesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net bam.nr-data.net embed.sendcloud.sc *.aptrinsic.com *.sequracdn.com *.demdex.net *.omtrdc.net *.redsys.es 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-33nr6Zuo1juV_3bUVDx_sQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net googleapis.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com vimeo.com *.hotjar.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com https://d1eoo1tco6rr5e.cloudfront.net/ https://adservices.brandcdn.com/ *.paypal.com *.sandbox.paypal.com *.apsclicktopay.com *.dotdigital-pages.com *.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.googleadservices.com *.googleapis.com *.paypal.com *.paypalobjects.com http://insight.adsrvr.org/ *.google.com *.googletagmanager.com *.facebook.com https://match.adsrvr.org/ https://cm.g.doubleclick.net/ https://pixel.rubiconproject.com/ https://hb.yahoo.net/ https://tags.bluekai.com/ https://secure-gl.imrworldwide.com/ https://loadm.exelator.com/ https://mid.rkdms.com/ https://load77.exelator.com/ https://uipglob.semasio.net/ https://eb2.3lift.com/ https://ads.scorecardresearch.com/ https://i.liadm.com/ https://i6.liadm.com/ https://tags.rd.linksynergy.com/ https://match.sharethrough.com/ https://idpix.media6degrees.com/ https://dsum-sec.casalemedia.com/ https://x.bidswitch.net/ https://dmp.truoptik.com/ https://secure.insightexpressai.com/ https://simage2.pubmatic.com/ https://bidagent.xad.com/ *.google.co.in/ *.trackedlink.net addevent.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.sharethis.com https://connect.facebook.net https://*.hotjar.com 'unsafe-inline' *.googleadservices.com googleapis.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.paypalobjects.com *.googleapis.com *.google.com *.gstatic.com https://p.typekit.net/ https://use.typekit.net https://*.hotjar.com http://adservices.brandcdn.com/ http://tag.brandcdn.com/ https://kadromm.atlassian.net/ addevent.com https://cdn.addevent.com/ https://*.addevent.com/ *.apsclicktopay.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal 'self' data: maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.sharethis.com https://*.hotjar.com https://p.typekit.net/ https://use.typekit.net/ *.apsclicktopay.com getfirebug.com googleapis.com addevent.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io *.sharethis.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://stats.g.doubleclick.net/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com maps.googleapis.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://*.gstatic.com https://*.googleapis.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.facebook.com https://ct.pinterest.com https://*.cookiebot.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://dailystyle.nl https://*.bing.com https://facebook.com https://www.facebook.com https://ct.pinterest.com https://*.googletagmanager.com https://*.clarity.ms https://at19.net https:/at19.net https://www.google.nl https://www.google.com https://*.googleapis.com https://*.gstatic.com https://*.cookiebot.com https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.amazonaws.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://jdt8.net https://www.googletagmanager.com https://tdep.dailystyle.nl chimpstatic.com https://diffuser-cdn.app-us1.com https://js-agent.newrelic.com https://bat.bing.com https://s.pinimg.com https://connect.facebook.net https://prism.app-us1.com https://www.clarity.ms https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://trackcmp.net https://*.cookiebot.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.gstatic.com https://*.googleapis.com downloads.mailchimp.com *.multisafepay.com unsafe-inline *.sendcloud.sc *.jsdelivr.net https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://www.googletagmanager.com https://tdep.dailystyle.nl https://ct.pinterest.com https://*.clarity.ms https://*.google-analytics.com https://*.nr-data.net https://*.googleapis.com https://*.cookiebot.com *.multisafepay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://resources.usersnap.com https://*.usercentrics.eu https://*.jquery.com https://*.google.com https://*.gstatic.com https://www.googleadservices.com https://sgtm.bti.de https://*.kameleoon.eu https://*.kameleoon.io https://*.epoq.de https://bat.bing.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.clarity.ms https://*.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.iadvize.com https://*.clarity.ms https://*.polyfill.io https://targetemsecure.blob.core.windows.net https://snap.licdn.com https://maps.googleapis.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://sgtm.bti.de https://*.usercentrics.eu https://*.bing.com https://*.epoq.de https://code.jquery.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.kameleoon.eu https://privacy-proxy.usercentrics.eu https://userlike-cdn-*.s3-eu-west-1.amazonaws.com https://*.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.usersnap.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://userlike-cdn-umm.b-cdn.net https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://www.google.com https://consentcdn.cookiebot.com https://*.iadvize.com https://maps.googleapis.com; media-src 'self' https://maps.googleapis.com https://mediaserver.bti.de; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com; img-src 'self' https://*.usercentrics.eu https://bat.bing.com https://cdn4.bti.de https://dc.ads.linkedin.com https://mediaserver.bti.de https://sgtm.bti.de https://*.dc.bgcloudservice.com https://www.facebook.com https://www.google.com https://www.google.de https://maps.googleapis.com; connect-src 'self' https://sgtm.bti.de https://*.kameleoon.eu/ip.gif https://*.usercentrics.eu https://*.doubleclick.net https://*.iadvize.com https://*.slgnt.eu https://*.clarity.ms https://maps.googleapis.com https://widget.usersnap.com 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playblueprotocol.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d183t35nnwbpjm.cloudfront.net; script-src 'nonce-014f8b19eb5a486d857b023c2fec43d9' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playblueprotocol.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d183t35nnwbpjm.cloudfront.net; style-src 'self' 'nonce-014f8b19eb5a486d857b023c2fec43d9' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playblueprotocol.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d183t35nnwbpjm.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playblueprotocol.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d183t35nnwbpjm.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playblueprotocol.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d183t35nnwbpjm.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.playblueprotocol.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://sentry.amazongames.com https://d183t35nnwbpjm.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=146-3748975-3459804:rid=B37A83D0E5C048AE98CE:sn=www.playblueprotocol.com 1 object-src 'none';base-uri 'self';script-src 'nonce-9refWlgGpf3dIqyGdMslqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://hb.wpmucdn.com/k-ecommerce.com/ https://www.bugherd.com/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.google-analytics.com/ https://js.hsforms.net/forms/ https://static.hotjar.com/ https://bat.bing.com/ https://connect.facebook.net/ https://js.hs-scripts.com/ https://secure.lack4skip.com/js/ https://script.crazyegg.com/pages/scripts/ https://js.usemessages.com/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://app.hubspot.com/ https://googleads.g.doubleclick.net/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ http://maps.googleapis.com/ https://checkout.freemius.com/ https://platform.twitter.com/ https://fast.wistia.com/; style-src 'self' 'unsafe-inline' https://hb.wpmucdn.com/k-ecommerce.com/ https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/ https://ajax.googleapis.com/ https://fonts.bunny.net/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://www.gstatic.com/; img-src 'self' data: https://track.hubspot.com/ https://b3000714.smushcdn.com/3000714/wp-content/ https://forms.hsforms.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://secure.gravatar.com/avatar/ https://www.google.ca/ads/ https://assets.elementor.com/ https://twemoji.maxcdn.com/ https://library.wphtmega.com/wp-content/uploads/ https://ps.w.org/woolentor-addons/assets/ https://checkout.freemius.com/assets/ https://wpmudev.com/ https://d1lsub6zbh43gv.cloudfront.net/production/logos/ https://ps.w.org/advanced-custom-fields/assets/; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.bunny.net/; connect-src 'self' https://forms.hsforms.com/ https://api.hubspot.com/livechat-public/ https://analytics.google.com/ https://www.google-analytics.com/ https://wpmudev.com/ https://distillery.wistia.com/; frame-src 'self' https://www.google.com/ https://td.doubleclick.net/ https://app.hubspot.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/; worker-src 'self' https://k-ecommerce.com/ https://k-ecommerce.com/eeb71b98-a906-49b1-aaf7-df908b188362 https://k-ecommerce.com/140ffc0c-97d1-4501-9595-e2d24a59d68b; frame-ancestors 'self' https://k-ecommerce.com/; form-action 'self'; upgrade-insecure-requests; base-uri 'self' https://k-ecommerce.com/wp-admin/ 1 default-src 'self' https: 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.yotpo.com *.fontawesome.com static.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.yotpo.com www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.getbread.com *.breadpayments.com *.rbcpayplan.com *.yotpo.com static.olark.com *.facebook.com *.pinterest.com *.addthis.com *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com store.paradoxlabs.com *.pinterest.com *.olark.com *.facebook.com *.googleadservices.com *.google.com *.google.com.vn *.doubleclick.net *.bing.com *.clarity.ms cdn.innovolifestyles.com cdn.logfurnitureplace.com cdn.woodlandcreekfurniture.com innovolifestyles.com logfurnitureplace.com woodlandcreekfurniture.com *.facebook.net *.googletagmanager.com img.youtube.com *.breadfinancial.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io player.vimeo.com *.authorize.net js.braintreegateway.com *.googletagmanager.com *.dotdigital-pages.com *.facebook.net *.klaviyo.com s.pinimg.com *.olark.com *.addthis.com z.moatads.com v1.addthisedge.com *.bing.com www.gstatic.com *.clarity.ms *.doubleclick.net https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com https://static.klaviyo.com *.yotpo.com *.fontawesome.com static.olark.com *.klaviyo.com s.pinimg.com *.doubleclick.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.getbread.com *.breadpayments.com *.rbcpayplan.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.yotpo.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io *.authorize.net *.dotdigital-pages.com webchat.dotdigital.com ct.pinterest.com *.klaviyo.com knrpc.olark.com *.googleadservices.com *.google.com *.doubleclick.net *.clarity.ms *.addthis.com *.googletagmanager.com *.facebook.com *.breadgateway.net *.googlesyndication.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.getbread.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: staticw2.yotpo.com cdn11.bigcommerce.com www.gsmoutdoors.com cdn.userway.org *.online-metrix.net tasks.gsmoutdoors.com imgs.signifyd.com cdn-scripts.signifyd.com ad.ipredictive.com www.google-analytics.com *.doubleclick.net ka-p.fontawesome.com media-cdn.ipredictive.com bes.gcp.data.bigcommerce.com *.facebook.com *.gstatic.com stackpath.bootstrapcdn.com use.typekit.net *.facebook.net kit.fontawesome.com ga2.getresponse.com cdn77.api.userway.org www.google.com bc.truglo.com api.userway.org analytics.google.com p.yotpo.com www.googletagmanager.com ga.getresponse.com p.typekit.net us-an.gr-cdn.com www.gsmblasts.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src googleapis.com *.gstatic.com data: https://www.googletagmanager.com *.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.google.com cdn.dnky.co webchat.dotdigital.com youtube.com www.youtube.com www.book2look.com static.addtoany.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com i.ytimg.com https://www.magezon.com 'self' data: *.tile.openstreetmap.org connect.ekomi.de data: google.com google.at www.google.com www.google.at www.book2look.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com googleapis.com *.gstatic.com tagmanager.google.com https://www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ jquery.sellxed.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.google.com www.google.com www.gstatic.com www.googletagmanager.com static.addtoany.com connect.ekomi.de cdn.public.n1ed.com appjs.blickinsbuch.de www.blickinsbuch.de *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com www.book2look.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com googleapis.com https://www.google-analytics.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com www.googleapis.com n1ed.com cloud.n1ed.com o.n1ed.com fm.n1ed.com stackpath.bootstrapcdn.com localhost code.jquery.com noembed.com fonts.googleapis.com suggestqueries.google.com translate.yandex.net flmngr.com cloud.flmngr.com fm.flmngr.com fonts.gstatic.com cdn.jsdelivr.net t.elasticsuite.io *.google-analytics.com google-analytics.com doubleclick.net stats.g.doubleclick.net www.book2look.com *.yotpo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 fonts-src https://fonts.gstatic.com; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.adyen.com *.weltpixel.com *.hotjar.com *.oct8ne.com *.pinterest.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.storyblok.com *.zdassets.com *.doofinder.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.oct8ne.com *.zendesk.com *.zopim.com *.doubleclick.net *.hotjar.com *.clarity.ms *.smartsuppcdn.com maps.googleapis.com maps.gstatic.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.zdassets.com *.pinterest.com *.google-analytics.com *.nosto.com *.doofinder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src code.jquery.com cdnjs.cloudflare.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googletagmanager.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.adyen.com https://www.googletagmanager.com tagmanager.google.com widgets.trustedshops.com static-eu.oct8ne.com static.zdassets.com *.facebook.net *.tradedoubler.com *.doubleclick.net *.hotjar.com *.ads-twitter.com smct.co *.bsmartdata.com *.retargeted.co *.bing.com *.clarity.ms *.smartsuppcdn.com *.connectif.cloud *.klaviyo.com *.photoslurp.com *.youtube.com *.pinimg.com *.nosto.com *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com camo.githubusercontent.com *.adyen.com *.gstatic.com *.facebook.com *.google.com *.google.es widgets.trustedshops.com *.twitter.com t.co *.azureedge.net *.pinterest.com *.doofinder.com data: 'self' 'unsafe-inline'; font-src fonts.gstatic.com data: maxcdn.bootstrapcdn.com *.azureedge.net *.doofinder.com data: 'self' 'unsafe-inline'; style-src fonts.googleapis.com maxcdn.bootstrapcdn.com *.adobe.com tagmanager.google.com *.photoslurp.com *.nosto.com *.doofinder.com *.klaviyo.com 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.highcharts.com *.braintreegateway.com *.cardinalcommerce.com *.tawk.to *.zopim.com *.usersnap.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com *.banorte.com *.tawk.to *.zopim.com *.usersnap.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.consensu.org *.sharethis.com *.banorte.com *.highcharts.com *.braintreegateway.com *.tawk.to *.zopim.com *.usersnap.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.highcharts.com *.braintreegateway.com *.adobetm.com *.cardinalcommerce.com *.gstatic.com *.googleapis.com *.google.com *.tawk.to cdn.jsdelivr.net *.zopim.com *.usersnap.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.google.com *.sharethis.com s7.addthis.com *.banorte.com *.highcharts.com *.braintreegateway.com *.adobetm.com *.cardinalcommerce.com *.googleapis.com *.tawk.to cdn.jsdelivr.net *.zopim.com *.usersnap.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com maxcdn.bootstrapcdn.com *.banorte.com *.highcharts.com *.braintreegateway.com *.adobetm.com *.cardinalcommerce.com *.tawk.to cdn.jsdelivr.net *.zopim.com *.usersnap.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.net qa-api.magedevteam.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com ekr.zdassets.com/ *.banorte.com *.highcharts.com *.braintreegateway.com *.adobe.com *.adobetm.com *.cardinalcommerce.com *.googleapis.com *.tawk.to wss://*.tawk.to *.zopim.com *.usersnap.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https://heinztohome.co.uk https://m.heinztohome.co.uk 'unsafe-inline' 'unsafe-eval' data: https://s1.thcdn.com https://s2.thcdn.com https://s3.thcdn.com https://s4.thcdn.com https://static.thcdn.com https://static.thgcdn.cn https://tagging.thehut.net https://tag.hut.withcubed.com https://userexperience.thehut.net https://prf.audiencemanager.de https://bat.bing.com https://p.cpx.to https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://static.doubleclick.net https://www.dwin1.com https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagservices.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://*.lpsnmedia.net https://rum-static.pingdom.net https://*.tvsquared.com https://analytics.twitter.com https://platform.twitter.com https://static.ads-twitter.com https://fp.zenaps.com https://seal.digicert.com https://*.liveperson.net https://server.lon.liveperson.net https://lo.v.liveperson.net https://s.pinimg.com https://load.sumome.com https://*.kxcdn.com https://*.trustpilot.com https://www.youtube.com https://s.ytimg.com https://pay.google.com https://googleads.g.doubleclick.net/ https://www.google.co.uk/ https://widget.trustpilot.com/; report-uri https://heinztohome.co.uk/cspReport.txt; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.userway.org a.klaviyo.com bat.bing.com js.klarna.com static.klaviyo.com *.bazaarvoice.com www.gsmoutdoors.com *.doubleclick.net ka-p.fontawesome.com static-tracking.klaviyo.com *.facebook.com *.online-metrix.net *.googleapis.com x.klarnacdn.net region1.analytics.google.com maxcdn.bootstrapcdn.com api.userway.org *.clarity.ms cdn.acsbapp.com www.googletagmanager.com a85w3ux0ar-dsn.algolia.net cdn-scripts.signifyd.com www.google.ca secure.nmi.com imgs.signifyd.com cdn77.api.userway.org fast.a.klaviyo.com www.google.com pixel.wp.com tasks.gsmoutdoors.com *.cloudfront.net analytics.google.com *.facebook.net *.googlesyndication.com *.gstatic.com storage.elfsight.com cdn.jsdelivr.net osm.klarnaservices.com stats.wp.com static-forms.klaviyo.com core.service.elfsight.com kit.fontawesome.com adservice.google.com na.klarnaevt.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'none'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://*.benidorm.org https://insuit.net https://benidorm--org.insuit.net https://*.insuit.net https://www.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.jquery.com tracker.metricool.com unpkg.com static.codepen.io codepen.io cdnjs.cloudflare.com code.highcharts.com cdn.anychart.com stuk.github.io cdn.jsdelivr.net https://js-agent.newrelic.com https://bam.nr-data.net https://polyfill.io; object-src 'self'; style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.gstatics.com *.fontawesome.com *.googleapis.com allfont.net allfont.es unpkg.com *.cloudflare.com https://benidorm--org.insuit.net https://cdn.insuit.net; img-src 'self' *.benidorm.org unpkg.com *.osm.org *.cdninstagram.com instagram.com www.instagram.com contenidos-pro-d10.benidorm.org:8443 tracker.metricool.com data: *.google-analytics.com; media-src 'self' *.benidorm.org benidormtv.s3.eu-west-1.amazonaws.com; frame-src 'self' *.google.com *.youtube.com iframe.dacast.com *.vimeo.com https://benidorm--org.insuit.net insuit.net https://*.insuit.net; frame-ancestors 'self'; child-src 'self' *.google.com *.youtube.com data:; font-src 'self' *.gstatic.com *.fontawesome.com *.googleapis.com https://*.insuit.net data:; connect-src 'self' *.google-analytics.com *.benidorm.org https://stats.g.doubleclick.net *.deltanetsi.es *.googleusercontent.com instagram.com *.instagram.com https://bam.nr-data.net https://stats.insuit.net https://benidorm--org.insuit.net https://www.googleapis.com; report-uri /report-csp-violation 1 default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src pagead2.googlesyndication.com stats.g.doubleclick.net kraken.rambler.ru counter.yadro.ru mc.yandex.ru stats.g.doubleclick.net ssl.google-analytics.com favicon.yandex.net yastatic.net avatars-fast.yandex.net avatars.mds.yandex.net an.yandex.ru vk.com hron-prostatit.ru data: blob:; font-src fonts.gstatic.com https: data:; report-uri /csp-report 1 object-src 'none'; script-src 'self' https://cdn.jsdelivr.net https://cdn.neverbounce.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com 'unsafe-inline'; script-src-attr 'self'; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.nrg.gr 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com *.intercomcdn.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.mobilpay.ro 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.twitter.com *.creativecdn.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com dacia-ro.os.tc *.cookiebot.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthisedge.com *.twitter.com *.smartsuppcdn.com *.linkedin.com *.docomo.ne.jp *.e-planning.net *.media.net *.smaato.net *.rakuten.com *.gumgum.com *.opera.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.ro *.ibb.co contactrenaultgroup.secure.force.com *.salesforceliveagent.com *.intercomcdn.com trusted.ro *.analytics.yahoo.com *.pinterest.com *.kafune.ro data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.smartlook.com *.licdn.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleoptimize.com onesignal.com *.onesignal.com *.intercom.io *.intercomcdn.com *.salesforceliveagent.com *.googleapis.com *.yimg.com *.retargeting.biz *.retargeting.app *.cookiebot.com *.mczbf.com *.pinimg.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com *.creativecdn.com *.pinterest.com *.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.smartsuppcdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.intercomcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.ro *.smartlook.cloud *.cookiebot.com *.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.doubleclick.net *.intercom.io wss://nexus-websocket-a.intercom.io wss://ah-pusher.gd.ro *.webrci.ro *.yimg.com cdn.cookielaw.org *.retargeting.app *.smartsuppchat.com *.pinterest.com *.googleapis.com *.smartsuppcdn.com *.smartsupp.com wss://websocket-visitors.smartsupp.com *.creativecdn.com *.sjwoe.com *.mczbf.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 img-src https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicstream.s3.amazonaws.com/BETAGAMMASIGMA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/BETAGAMMASIGMA/ https://higherlogicdownload.s3.amazonaws.com/BETAGAMMASIGMA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/BETAGAMMASIGMA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-y-S5Fr4UmISDEUy3qda2bg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.sharethis.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sharethis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googletagmanager.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self';child-src 'self' * data:;connect-src 'self' * data:;default-src 'self';font-src * data:;form-action 'self' https://pictspace.net;frame-src * data:;media-src * data:;img-src * data: blob:;object-src 'none';script-src 'self' 'strict-dynamic' https://static.zdassets.com https://pagead2.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://token.ccps.jp https://widget.univapay.com https://securepubads.g.doubleclick.net https://kit.fontawesome.com https://tpc.googlesyndication.com https://platform.twitter.com 'nonce-DwsVi7FAo4PayJuCYTLg9w==';script-src-elem 'self' 'strict-dynamic' https://static.zdassets.com https://pagead2.googlesyndication.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://token.ccps.jp https://widget.univapay.com https://securepubads.g.doubleclick.net https://kit.fontawesome.com https://tpc.googlesyndication.com https://platform.twitter.com 'nonce-DwsVi7FAo4PayJuCYTLg9w==';script-src-attr 'unsafe-inline';style-src 'self' * data: 'unsafe-inline';report-uri /csp_reports/report; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.clarity.ms cdn.cookielaw.org *.onetrust.com *.doubleclick.net www.google.com.mx t.co icongr.am *.linkedin.com *.twitter.com cdn.jsdelivr.net *.gstatic.com www.googletagmanager.com static.addtoany.com analytics.google.com *.facebook.com unpkg.com cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 frame-ancestors *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; form-action *.facebook.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.hubspot.com *.facebook.com *.bing.com *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com cdn-cookieyes.com *.doubleclick.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bird.eu *.yotpo.com 'self' 'unsafe-inline'; connect-src *.hubapi.com *.hubspot.com *.hscollectedforms.net *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com *.doubleclick.net *.cookieyes.com cdn-cookieyes.com google.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca *.yotpo.com 'self' 'unsafe-inline'; style-src *.zencdn.net getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; font-src data: fonts.googleapis.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; script-src *.facebook.net *.clickcease.com *.bing.com *.doubleclick.net googletagmanager.com *.googletagmanager.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hsleadflows.net *.hs-banner.com *.hs-scripts.com *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com cdn-cookieyes.com assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.facebook.com *.fls.doubleclick.net *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com youtube.com *.doubleclick.net fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com canadapost.ca ct.soa-gw.canadapost.ca soa-gw.canadapost.ca *.yotpo.com 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' fitmoda.com.br *.fitmoda.com.br fitmoda.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.paypalobjects.com *.paypal.com *.smarthint.co *.g.doubleclick.net *.googleadservices.com *.google.com.br d335luupugsy2.cloudfront.net google.com.br *.rdstation.com.br *.facebook.net *.google-analytics.com *.google.cl *.google.com *.com.au *.com.pe *.google.sr *.com.bo *.google.ie *.fbits.net *.tawk.to *.soclminer.com.br *.co.jp google.co.jp googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com *.fitmoda.com.br google-analytics.com *.googletagmanager.com *.google.pt *.google.fr *.google.it *.uc.r.appspot.com stats.g.doubleclick.net googletagmanager.com connect.facebook.net *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net clarity.ms *.clarity.ms checkout.fitmoda.com.br *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com secure.lomadee.com *.lomadee.com 44.219.78.226 35.168.146.240 44.217.13.28 *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.fitmoda.com.br fitmoda.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' liderdamatilha.com.br *.liderdamatilha.com.br LiderdaMatilha.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com googleadservices.com cloudflare.com alphassl.com doubleclick.net hertzen.com moip.com.br ebit.com.br *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.alphassl.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.ebit.com.br *.hertzen.com *.moip.com.br wss://signalr.fbits.net *.gstatic.com *.hotjar.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.hotjar.io vc.hotjar.io secure.mlstatic.com *.mercadopago.com mercadopago.com wss://ws4.hotjar.com *.hotjar hotjar.com hotjar script.hotjar.com wss://ws14.hotjar.com wss://ws2.hotjar.com *.bootstrapcdn.com wss://*.hotjar.com dzpxyxks1bfmb.cloudfront.net *.mercadolibre.com *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net samuraiexpertsstorage.blob.core.windows.net *.azurewebsites.net *.analytics.tiktok.com *.liderdamatilha.com.br *.tiktok.com *.pinimg.com *.avis-verifies.com *.bing.com cl.avis-verifies.com s.pinimg.com bat.bing.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.clarity.ms *.pinterest.com *.blob.core.windows.net analytics.tiktok.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.liderdamatilha.com.br liderdamatilha.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 font-src cl.avis-verifies.com *.criteo.net *.criteo.com *.adsrvr.org *.googlesyndication.com *.petitceller.com *.payments-amazon.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.redsys.es *.facebook.com *.amazon.es *.petitceller.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.amazon.es *.petitceller.com *.opiniones-verificadas.com *.avis-verifies.com *.googlesyndication.com c.avis-verifies.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.redsys.es *.facebook.com consentcdn.cookiebot.com *.amazon.com *.amazon.es *.criteo.com *.criteo.net *.opiniones-verificadas.com *.avis-verifies.com c.avis-verifies.com *.adsrvr.org *.googlesyndication.com *.petitceller.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.collect.igodigital.com *.cloudfront.net cl.avis-verifies.com *.google.com *.google.es *.facebook.com *.adsrvr.org *.clarity.ms *.rfihub.com *.doubleclick.net *.casalemedia.com *.adnxs.com *.bidswitch.net *.tremorhub.com *.netreviews.eu *.agkn.com *.rubiconproject.com *.yahoo.com *.bing.com *.taboola.com *.spotxchange.com *.gstatic.com *.advertising.com *.liadm.com *.smaato.net *.criteo.com *.criteo.net *.outbrain.com *.kargo.com *.addthis.com *.tapad.com *.smartadserver.com *.360yield.com *.pubmatic.com *.postrelease.com *.3lift.com *.adform.net *.media.net *.teads.tv *.rambler.ru *.aralego.com *.mail.ru *.yieldmo.com *.sharethrough.com *.yieldlab.net *.omnitagjs.com *.stickyadstv.com *.ivitrack.com *.mgid.com *.mediavine.com *.adotmob.com *.e-planning.net *.openx.net *.adscale.de *.rlcdn.com *.avis-verifies.com/ *.opiniones-verificadas.com *.magentocommerce.com/ *.googlesyndication.com *.dmxleo.com *.petitceller.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.collect.igodigital.com consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com cl.avis-verifies.com *.svn.avis-verifies.com *.avis-verifies.com *.bucket.cdnwebcloud.com *.facebook.com *.facebook.net *.google-analytics.com *.webgains.io *.clarity.ms *.googleapis.com *.googleadservices.com *.cdnwebcloud.com *.taboola.com *.criteo.com *.criteo.net *.adsrvr.org *.googlesyndication.com *.petitceller.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.collect.igodigital.com *.taboola.com *.google-analytics.com *.google.com *.doubleclick.net *.clarity.ms *.netreviews.eu *.cdnwebcloud.com *.opiniones-verificadas.com *.avis-verifies.com c.avis-verifies.com *.cookiebot.com *.paypal.com *.webgains.io *.facebook.com *.youtube.com *.adsrvr.org *.googlesyndication.com *.petitceller.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-xikvIiZ_Ry6I7Gk07yV6HA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://*.vercel.app/; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://www.youtube.com/ https://unpkg.com https://cdn.matomo.cloud/ https://cdn.matomo.cloud https://promedica.tfaforms.net https://cdn.cookielaw.org/ https://cdn.mouseflow.com/ https://googleads.g.doubleclick.net/ https://kit.fontawesome.com/ https://maps.googleapis.com/ https://*.vercel.app/ https://siteintercept.qualtrics.com/ https://www.google-analytics.com/analytics.js https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://zn86cv25rplysllsr-promedica.siteintercept.qualtrics.com/SIE/; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com/ https://promedica.tfaforms.net/ https://*.vercel.app/ ; object-src 'none'; base-uri 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://analytics.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.fontawesome.com https://maps.googleapis.com https://pcl.promedica.org https://pcl-staging.promedica.org https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net https://*.vercel.app https://promedica.matomo.cloud https://siteintercept.qualtrics.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/; font-src 'self' data: https://*.fontawesome.com https://fonts.gstatic.com https://*.vercel.app https://use.typekit.net; frame-src 'self' https://www.youtube.com/ https://www.google.com/; img-src 'self' data: https://www.google.com.ec https://cdn.cookielaw.org/ https://pcl.promedica.org/ https://pcl-staging.promedica.org https://mc-3f4459e6-26cc-45d7-95b4-1637-cd.azurewebsites.net https://*.vercel.app https://www.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ http://dummyimage.com/ https://*.qualtrics.com/ https://maps.googleapis.com/ https://maps.gstatic.com/; manifest-src 'self'; media-src 'self' data: https://pcl.promedica.org https://pcl-staging.promedica.org; report-uri https://6480f3f9bf4bdd8c5cde6f2b.endpoint.csper.io/?v=1; worker-src 'none'; 1 child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://www.shoplooks.com https://recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://tr.snapchat.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.com blob: https://*.awin1.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.baidu.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://horizon-api.www.whitestuff.de https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://www.whitestuff.de/e2/ds/relay https://horizon-api.www.whitestuff.de/graphql https://*.ingest.sentry.io https://s1.thcdn.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://m.whitestuff.de https://checkout.whitestuff.de https://www.whitestuff.de https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.baidu.com https://remote.captcha.com https://ssl.bing.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://recaptcha.net https://*.sciencebehindecommerce.com https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.awin1.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1 font-src http://maxcdn.bootstrapcdn.com/font-awesome/ https://widgets.trustedshops.com/ https://fonts.gstatic.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.facebook.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.google.com/recaptcha/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://www.youtube.com/ https://gum.criteo.com/ https://static.criteo.net/ https://config1.veinteractive.com/ *.google.com/ https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://widgets.trustedshops.com/ https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.com/ads/ https://www.google.de/ads/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://www.gstatic.com/ https://ssl.gstatic.com/ https://www.google-analytics.com/ https://www.google.com/ https://bat.bing.com/ https://files.newsletter2go.com/ https://ad.mail.ru/ https://ads.yieldmo.com/ https://sync-criteo.ads.yieldmo.com/ https://ad.sxp.smartclip.net/ https://pixel.rubiconproject.com/ https://gum.criteo.com/ https://sp.analytics.yahoo.com/ https://s.ad.smaato.net/ https://i.liadm.com/ https://i6.liadm.com/ https://sync.outbrain.com/ https://sync.e-planning.net/ https://sync-t1.taboola.com/ https://ib.adnxs.com/ https://simage2.pubmatic.com/ https://visitor.omnitagjs.com/ https://cm.adform.net/ https://beacon.krxd.net/ https://dis.criteo.com/ https://cm.g.doubleclick.net/ https://criteo-sync.teads.tv/ https://secure.adnxs.com/ https://ad.360yield.com/ https://match.sharethrough.com/ https://rtb-csync.smartadserver.com/ https://r.casalemedia.com/ https://ads.yahoo.com/ https://ups.analytics.yahoo.com/ https://pixel.advertising.com/ https://us-u.openx.net/ https://eb2.3lift.com/ https://contextual.media.net/ https://cotads.adscale.de/ https://ih.adscale.de/ https://tg.socdm.com/ https://x.bidswitch.net/ https://ad.yieldlab.net https://ads.stickyadstv.com/ https://cdn.stickyadstv.com/ https://idsync.rlcdn.com/ https://jadserve.postrelease.com/ https://criteo-partners.tremorhub.com/ https://pixel.tapad.com/ https://s.thebrighttag.com/ https://www.magezon.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://www.googletagmanager.com/ https://tagmanager.google.com/ http://widgets.trustedshops.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://secure.pay1.de/ https://static.newsletter2go.com/ https://sslwidget.criteo.com/ https://top-fwz1.mail.ru/ https://static.criteo.net/ https://config1.veinteractive.com/ https://autocomplete2.postdirekt.de/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://tagmanager.google.com/ https://fonts.googleapis.com/ *.fontawesome.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.newsletter2go.com/ https://top-fwz1.mail.ru/ https://www.paypal.com/ https://www.facebook.com/ https://autocomplete2.postdirekt.de/ autocomplete2.postdirekt.de *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src http: https: *.phoebephilo.com https://abd3-38d62d1bc3ff-prod.phoebephilo.com/ 'nonce-5vk6BoU2fKnN6hqDsn9RgJjaHuyKEe8wPo1lT3QwONdXO'; style-src 'self' *.phoebephilo.com blob: https: 'unsafe-inline' https://abd3-38d62d1bc3ff-prod.phoebephilo.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.adyen.com *.paypal.com *.inside-graph.com *.phoebephilo.com 1 script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-bFpCvWVcQw9Tkcfc2lhq05z3D0' https://www.google.com/recaptcha/api.js https://www.gstatic.com; object-src 'none'; worker-src blob:; base-uri 'self'; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: ; report-uri https://csp.rcahms.gov.uk/bfa-live; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.typekit.net *.googleapis.com *.easypack24.net *.ekomiapps.de data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.googlesyndication.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com secure.payu.com merch-prod.snd.payu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com static.payu.com *.tile.osm.org *.cloudflare.com *.githubusercontent.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.magentocommerce.com *.imgur.com *.ekomiapss.de *.ekomiapps.de *.pixabay.com *.amazonaws.com *.placeholder.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io https://cdnjs.cloudflare.com *.payu.com secure.snd.payu.com www.googletagmanager.com *.magentocommerce.com *.braintreegateway.com *.githubusercontent.com *.paypall.com *.cardinalcommerce.com *.authorize.net *.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.trustedshops.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com *.ekomiapss.de *.ekomiapps.de *.easypack24.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudflare.com *.bootstrapcdn.com *.ekomiapss.de *.ekomiapps.de *.easypack24.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com *.cloudflare.com *.tile.osm.org *.openstreetmap.org *.twitter.com *.paypal.com *.ekomiapps.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.openstreetmap.org *.paypal.com *.facebook.com *.ekomiapps.de 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /zsteam_csp; report-to report-endpoint; 1 default-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' * data: *; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' * data: *; frame-src 'self' * data: *; font-src 'self' 'unsafe-inline' * data: *; connect-src 'self' 'unsafe-inline' *; report-uri /admin/config/system/seckit/csp-report 1 font-src *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local 'self' data: *.twitter.com *.twimg.com *.zopim.com data: 'self' 'unsafe-inline'; form-action *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.twitter.com *.facebook.com yaby.eu 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com platform.twitter.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.google.com *.googletagmanager.com *.twitter.com *.facebook.com *.hotjar.com *.packeta.com *.doubleclick.net *.ladesk.com *.gopay.cz *.gopay.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com data: *.facebook.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.google.com *.google.cz *.google.sk *.twitter.com *.twimg.com *.facebook.net *.ytimg.com *.imedia.cz *.zopim.com *.heureka.cz *.heureka.sk yaby.eu im9.cz *.doubleclick.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.googletagmanager.com *.facebook.net connect.facebook.net twitter.com platform.twitter.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.google.com *.google.cz *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.twitter.com *.twimg.com *.facebook.com *.fontawesome.com *.hotjar.com *.doubleclick.net *.imedia.cz *.doofinder.com *.packeta.com *.cookiehub.com cookiehub.net *.cookiehub.eu *.zdassets.com *.zopim.com *.sentry-cdn.com *.ladesk.com *.im9.cz *.dognet.sk login.dognet.sk *.gopay.cz *.cloudflareinsights.com *.cloudflare.com' www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com *.cookiehub.com *.cookiehub.eu cookiehub.net *.zopim.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.googleapis.com *.sentry.io *.google-analytics.com *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local *.google.com *.google.cz *.google.sk *.doubleclick.net *.twitter.com *.twimg.com *.doofinder.com *.googlesyndication.com *.zdassets.com wss://widget-mediator.zopim.com *.packeta.com *.cookiehub.net *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.restorio.cz *.restorio.sk *.vegadesign.cz *.vegadesign.local yaby.eu 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://sentry.vegadesign.cz/api/4/security/?sentry_key=aabf49608cca46b2bf8fb3c0ad2a8eba; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-t8_9EByLsXyTbe-hTL7poA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.fontawesome.com data: *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com https://www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.neuhaus-group.de *.paul-neuhaus.de 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.cookiefirst.com snapwidget.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.trustedshops.com *.instagram.com *.fbcdn.net *.via.placeholder.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudfront.net *.google.de *.cookiefirst.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.trustedshops.com *.cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com static-eu.payments-amazon.com *.cookiefirst.com snapwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.fontawesome.com unsafe-inline *.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://consent.cookiefirst.com https://app.cookiefirst.com https://static.cookiefirst.com https://edge.cookiefirst.com *.instagram.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com static-eu.payments-amazon.com payments-de-sandbox.amazon.com *.cookiefirst.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1 default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; report-to https://mercedesforum.report-uri.com/r/d/csp/enforce 1 font-src fonts.gstatic.com portal.bulkgate.com *.gstatic.com *.mysport.lv *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de portal.bulkgate.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.sumo.com sumo.com *.sumome.com *.pinterest.com *.moatads.com *.google.lv *.google.com *.gstatic.com *.windows.net 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.bulkgate.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.google.lv *.gstatic.com *.windows.net *.facebook.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de portal.bulkgate.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com validate.fishpig.co.uk *.mysport.lv *.facebook.com *.google.lv *.google.com *.gstatic.com *.windows.net https://maps.omnivasiunta.lt 'self' data: *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de portal.bulkgate.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com *.mysport.lv *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.sumo.com sumo.com *.sumome.com *.pinterest.com *.moatads.com *.google.lv *.windows.net https://unpkg.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com portal.bulkgate.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.mysport.lv *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de portal.bulkgate.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mysport.lv *.addthis.com *.doubleclick.net sumo.com *.google.lv *.google.com *.windows.net *.facebook.com https://geocode.arcgis.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com *.googleapis.com *.zopim.com *.hotjar.com *.hotjar.io *.gstatic.com data: *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.hotjar.com *.issuu.com *.vimeo.com *.facebook.com *.demdex.net *.openpay.mx *.openpay.co *.opencontrol.mx *.kaptcha.com *.paynet.com.mx 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.googleapis.com *.facebook.com *.youtube.com *.zopim.io *.zopim.com *.gstatic.com *.doubleclick.net *.omtrdc.net https://landofcoder.com data: *.googletagmanager.com *.googleusercontent.com *.google.com *.ggpht.com *.never8.com *.unitam.com eadn-wc04-10468518.nxedge.io ce2f80375c.nxcli.io *.postimg.cc 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com *.vimeocdn.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.hotjar.com *.zopim.com *.bootstrapcdn.com *.zdassets.com *.issuu.com *.googleapis.com *.facebook.net *.googletagmanager.com *.google.com vimeo.com *.magento.com *.s3.amazonaws.com *.openpay.co *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com *.googleapis.com *.google.com *.fontawesome.com *.magento.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com vimeo.com wss://*.zopim.com wss://*.hotjar.com *.zdassets.com *.hotjar.com *.hotjar.io *.demdex.net *.zopim.com *.omtrdc.net *.google-analytics.com *.doubleclick.net *.magento.com *.googleapis.com *.openpay.mx *.openpay.co 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com http://nullpoint.owox.com *.intexpool.ua *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.doubleclick.net *.google.com.ua *.facebook.net *.binotel.com *.trackjs.com *.hotjar.com *.onesignal.com *.moatads.com *.onesignal.com onesignal.com web.facebook.com static.cloudflareinsights.com in.hotjar.com translate.googleapis.com *.pool.ua youtu.be *.youtu.be; default-src 'self' *.gstatic.com *.pool.ua; frame-src vkontakte.ru www.facebook.com vk.com *.intexpool.ua *.youtube.com *.google.com *.doubleclick.net *.google.com.ua *.googleapis.com *.gstatic.com *.addthis.com *.hotjar.com web.facebook.com *.youtu.be *.pool.ua youtu.be; img-src *.multichannel.demo.owox.com data: yastatic.net www.google-analytics.com stats.g.doubleclick.net api-maps.yandex.ru *.maps.yandex.net google-analytics.bi.owox.com 130.211.91.193 nullpoint.owox.com *.intexpool.ua ssl.gstatic.com *.yandex.ru *.doubleclick.net *.google.com *.google.com.ua *.yandex.ua *.googleapis.com *.gstatic.com *.facebook.com *.trackjs.com www.googletagmanager.com *.pool.ua; style-src 'unsafe-inline' 'self' *.intexpool.ua *.googleapis.com *.gstatic.com onesignal.com *.pool.ua; connect-src 'self' *.yandex.ru www.youtube.com *.googlevideo.com www.google-analytics.com google-analytics.bi.owox.com 130.211.91.193 *.intime.ua *.addthis.com *.google.com *.google.com.ua *.doubleclick.net in.hotjar.com translate.googleapis.com *.facebook.com *.facebook.net pagead2.googlesyndication.com; object-src 'self' www.youtube.com *.googleapis.com *.gstatic.com; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ js.mollie.com vars.hotjar.com app.usercentrics.eu cdn.lightwidget.com www.xtento.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://www.magezon.com https://www.mollie.com www.google.de *.cdninstagram.com app.usercentrics.eu bat.bing.com lt45.net www.xtento.com cdn.xtento.com maps.gstatic.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com *.google.com/ js.mollie.com static.hotjar.com script.hotjar.com bat.bing.com app.usercentrics.eu cdn.lightwidget.com *.clarity.ms cq.reellworld.com www.xtento.com cdn.xtento.com https://cdnjs.cloudflare.com maps.googleapis.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com graph.instagram.com in.hotjar.com bat.bing.com graphql.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu *.clarity.ms cq.reellworld.com www.google.de *.analytics.google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.klarna.com https://www.googletagmanager.com/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.trustpilot.com *.yotpo.com *.ingrid.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.trustpilot.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-CWSklEl1HqU3lAR83QRmrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' data:; img-src 'self' https://*.laposte.fr; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self'; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; style-src-attr 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; report-uri https://apostello.uriports.com/reports/report; report-to default 1 font-src wbot.chat *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mz-css.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ wbot.chat *.k-analytix.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wbot.chat megazap.chat *.konduto.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com www.google.com *.iadvize.com maxcdn.bootstrapcdn.com use.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com *.addtoany.com *.twitter.com *.zdassets.com *.leasestation.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.google.co.in bat.bing.com *.amazonaws.com *.afterpay.com *.paypal.com mcprod.tentandtable.net *.loggly.com *.iadvize.com *.payments-amazon.com *.bolt.com *.kaltura.com *.quickspark.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com media.sezzle.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com commerce.adobe.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com www.google.com www.xtento.com cdn.xtento.com *.hotjar.com *.impactcdn.com *.iadvize.com *.zdassets.com *.searchspring.io *.bing.com *.callrail.com www.cbvisittracker.com track.cbdatatracker.com *.loggly.com stats.g.doubleclick.net *.iesnare.com *.twitter.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com www.google.com *.iadvize.com *.quickspark.com *.twitter.com https://static.klaviyo.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.yotpo.com swellrewards.com *.swellrewards.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.iesnare.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.net *.bolt.com qa-api.magedevteam.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de connect.bolt.com connect-sandbox.bolt.com account.bolt.com account-sandbox.bolt.com sessions.bugsnag.com www.google.com *.iadvize.com *.googlesyndication.com *.zendesk.com *.callrail.com *.zopim.com *.clicklease.com *.cbvisittracker.com track.cbdatatracker.com *.loggly.com stats.g.doubleclick.net wss://mpsnare.iesnare.com/ wss://ws.hotjar.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com swellrewards.com *.swellrewards.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'none'; report-to default 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' *.new10.io *.new10.com *.blueconic.net *.storyblok.com *.cookiebot.com *.googletagmanager.com *.salesforce.com *.salesforceliveagent.com *.force.com *.google-analytics.com *.facebook.net *.licdn.com *.bing.com *.hotjar.com *.financeads.net *.googleadservices.com *.sc-static.net *.googleapis.com; object-src 'none'; frame-ancestors 'self' *.salesforce.com *.force.com *.visualforce.com *.documentforce.com *.storyblok.com new10.gitlab.io *.abnamro.nl *.abnamro.com *.aws.abnamro.org; report-uri /api/csp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' *.barcelona.cat www.google-analytics.com *.googleapis.com translate.google.com plausible.io cdn.matomo.cloud cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.googletagmanager.com cdn.jsdelivr.net *.bcn.cat www.youtube.com www.clarity.ms dadesbcn.matomo.cloud *.cookiebot.com data: 'self'; style-src 'self' 'unsafe-inline' *.gstatic.com *.barcelona.cat *.bcn.cat stackpath.bootstrapcdn.com *.googleapis.com cdn.jsdelivr.net; frame-src *.cookiebot.com *; child-src *.cookiebot.com; font-src 'self' *.barcelona.cat fonts.googleapis.com fonts.gstatic.com data: 'self'; connect-src 'self' *.barcelona.cat plausible.io *.googleapis.com *.matomo.cloud *.google-analytics.com *.clarity.ms *.bing.com *.cookiebot.com www.gstatic.com; report-uri /report-csp-violation 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.mercadolibre.com www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.mlstatic.com *.mercadopago.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=labuznik 1 font-src fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com *.fontawesome.com applepay.cdn-apple.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://connect-v2.fintecture.com https://connect-v2-sbx.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.avis-verifies.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com lumao.eu *.google.fr *.google.com *.myspectro.io cdn.doofinder.com openstreetmap.org maps.googleapis.com maps.gstatic.com https://assets.fintecture.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com *.googletagmanager.com *.doofinder.com *.myspectro.io cdn.doofinder.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com fonts.googleapis.com https://fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com *.google-analytics.com *.doubleclick.net wss://*.doofinder.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.freshchat.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.instagram.com www.google.com *.multisafepay.com https://pay.google.com https://cyp.collectyourparcel.eu *.freshchat.com *.tangiblee.com td.doubleclick.net *.criteo.net *.criteo.com google.com googleads.g.doubleclick.net googletagmanager.com *.doubleclick.net google.com/pagead/landing *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.sharethis.com *.cdninstagram.com https://static.buckaroo.nl *.multisafepay.com www.magmodules.eu *.squeezely.tech *.freshchat.com *.tangiblee.com *.thelittlegreenbag.nl *.thelittlegreenbag.com www.google.nl bat.bing.com *.criteo.net *.criteo.com *.adnxs.com *.doubleclick.net contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com s.thebrighttag.com ups.analytics.yahoo.com visitor.omnitagjs.com ad.360yield.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net beacon.krxd.net google.com googletagmanager.com google.com/pagead/landing *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.sharethis.com *.instagram.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl www.google.com https://www.gstatic.com *.multisafepay.com https://pay.google.com squeezely.tech www.squeezely.tech *.squeezely.tech https://cyp.collectyourparcel.eu *.freshchat.com *.tangiblee.com *.analytics.google.com *.criteo.net *.criteo.com www.dwin1.com bat.bing.com lantern.roeyecdn.com google.com googletagmanager.com *.doubleclick.net google.com/pagead/landing https://cdnjs.cloudflare.com *.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.fontawesome.com *.multisafepay.com *.freshchat.com fonts.googleapis.com https://cdnjs.cloudflare.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://ipinfo.io *.multisafepay.com squeezely.tech *.squeezely.tech *.tangiblee.com *.analytics.google.com stats.g.doubleclick.net pagead2.googlesyndication.com *.criteo.net *.criteo.com google.com googleads.g.doubleclick.net googletagmanager.com *.doubleclick.net www.google.com google.com/pagead/landing *.trustedshops.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com https://fonts.googleapi.com https://fonts.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cdninstagram.com *.fbcdn.net https://maps.gstatic.com https://maps.googleapis.com https://webdemos.tech https://africaneastern.com https://mcstagingauh.africaneasternauh.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.jsdelivr.net *.elfsight.com *.googleapis.com https://unpkg.com https://polyfill.io https://www.youtube.com https://storage.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com https://fonts.googleapi.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://maps.googleapis.com/ https://fonts.googleapi.com *.elfsight.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.klevu.com *.ksearchnet.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.zdassets.com acsbapp.com js-agent.newrelic.com bam.nr-data.net js.klevu.com *.ksearchnet.com *.googleapis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.zdassets.com *.acsbapp.com *.zendesk.com wss://widget-mediator.zopim.com bam.nr-data.net *.klevu.com *.ksearchnet.com *.googleapis.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' fisiostore.com.br *.fisiostore.com.br fisiostore.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.mlstatic.com *.g.doubleclick.net *.google.com.br stats.g.doubleclick.net tag.goadopt.io *.voxus.com.br *.goadopt.io *.googleadservices.com *.clearsale.com.br *.loggly.com *.googlesyndication.com *.yourviews.com.br *.googletagmanager.com api.ipify.org *.ipify.org *.google-analytics.com google.co.ao google.fr *.google.fr googletagmanager.com *.mercadopago.com *.google.pl *.googleapis.com *.zdassets.com static.zdassets.com *.mercadolibre.com fisio.zendesk.com *.zendesk.com *.clarity.ms *.soclminer.com.br *.btg360.com.br *.socialminer.com google-analytics.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net td.doubleclick.net *.doubleclick.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.fisiostore.com.br fisiostore.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' loja99oculos.com.br *.loja99oculos.com.br loja99oculos.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net *.mlstatic.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.mercadopago.com *.mercadopago.com.br *.paypal.com *.paypal.com.br *.paypalobjects.com secure.mlstatic.com *.loja99oculos.com.br *.opolen.com.br *.targeting.voxus.com.br *.getblue.io *.voxus.com.br recursos.loja99oculos.com.br *.voxus.tv api.voxus.tv *.loggly.com *.ipify.org api.ipify.org logs-01.loggly.com cdn.targeting.voxus.com.br targeting.voxus.com.br *.polen.com.br api.polen.com.br static.opolen.com.br *.edrone.me *.cloudfront.net s.pinimg.com *.hotjar.com static.hotjar.com dynamic.criteo.com dzpxyxks1bfmb.cloudfront.net *.criteo.net *.criteo.com *.pinterest.com *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.loja99oculos.com.br loja99oculos.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com td.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.perfumeriasunidas.com *.google.com *.google.com.mx *.hubapi.com *.hubspot.com *.hsforms.com *.facebook.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.nr-data.net *.newrelic.com *.vnforapps.com *.facebook.com *.facebook.net *.luckyorange.com *.doubleclick.net *.hsleadflows.net *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.omappapi.com analytics.tiktok.com js.hubspot.com js.usemessages.com plugins-media.makeupar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com unsafe-inline *.omappapi.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.doubleclick.net *.omappapi.com *.luckyorange.com *.hubapi.com *.hubspot.com *.nr-data.net *.newrelic.com analytics.tiktok.com forms.hscollectedforms.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com www.w3.org *.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.pinterest.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org blob: *.pinterest.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com bam.nr-data.net *.newrelic.com *.addtoany.com *.facebook.com *.pinterest.com *.tumblr.com *.google.com *.gstatic.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.googleapis.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com bam.nr-data.net *.addtoany.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: 'self' data: 'unsafe-inline'; 1 font-src https://*.customily.com https://*.amazonaws.com 'self' data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ business.facebook.com *.weltpixel.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.customily.com https://*.amazonaws.com 'self' data: https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ business.facebook.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.customily.com https://*.amazonaws.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.customily.com https://*.amazonaws.com 'self' data: https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com https://www.google.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com www.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.google.com https://www.gstatic.com *.avada.io www.sandbox.paypal.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com www.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.google.com *.google.fr *.google.ie 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com *.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.mlstatic.com *.mercadopago.com www.gstatic.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com unsafe-inline *.fontawesome.com maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.googleapis.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' kidy.com.br *.kidy.com.br kidy.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.googleadservices.com *.g.doubleclick.net googleadservices.com stats.g.doubleclick.net *.posclick.dinamize.com *.lomadee.com ajax.cloudflare.com connect.facebook.net *.facebook.net *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net code-sa1.jivosite.com static.hotjar.com *.hotjar.com node-sa1-a-1.jivosite.com *.jivosite *.hotjar.io vc.hotjar.io wss://chat-sa1-1.jivosite.com telemetry.jivosite.com *.jivosite.com wss://node-sa1-a-1.jivosite.com dzpxyxks1bfmb.cloudfront.net orion-lb-01.fbits.net *.fbits.net pontos.kidy.com.br gstatic.com *.gstatic.com *.google-analytics.com *.googlesyndication.com *.google.com *.clarity.ms *.soclminer.com.br *.btg360.com.br *.socialminer.com *.cloudfront.net signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.rdstation.com.br *.kidy.com.br popups.rdstation.com.br rdstation.com.br pageview-notify.rdstation.com.br google.com *.google.com.br *.googleapis.com *.googletagmanager.com *.doubleclick.net *.fbits.store *.ritmopropaganda.com *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.kidy.com.br kidy.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://mccdn.me https://*.manychat.com https://cse.google.com https://*.jsdelivr.net https://*.clickdimensions.com https://static.addtoany.com https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://www.instagram.com https://www.googletagmanager.com https://ncc-ccn.maps.arcgis.com https://*.arcgisonline.com https://www.google.com; img-src 'self' data: http://ncc-website-2.s3.amazonaws.com https://img.youtube.com https://clients1.google.com https://www.google.com https://*.gstatic.com https://s3.amazonaws.com https://ncc-website-2.s3.amazonaws.com https://s3.ca-central-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://www.google.com https://use.fontawesome.com https://fast.fonts.net; font-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fast.fonts.net; frame-src 'self' https://socialplugin.facebook.net https://www.youtube-nocookie.com https://ncc.geocortex.com https://static.addtoany.com https://*.arcgis.com https://services.arcgisonline.com https://www.adsensecustomsearchads.com; 1 object-src 'none';base-uri 'self';script-src 'nonce-wmihyw1WgTPx3ALRW6eT8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://www.haecker-kuechen.com https://static.dvinci-easy.com 'sha256-vrjhlOrEAUmEq0sIWrX1oMaLRqZUkCzUsMBJWw4F3TY=' 'sha256-lKqH0iOhxKj1SuFXNR1WzENUipWowRJgzVQOliGKvlU=' 'sha256-D6w35RlPrpdat9eptmZKGleztHL/AF2kBg/FP0vU14w=' https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://www.google.com https://cdn.mouseflow.com https://connect.facebook.net https://assets.calendly.com; style-src-elem 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://static.dvinci-easy.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://jobs.haecker-kuechen.de https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.google.de https://www.google.nl https://www.google.ch https://www.google.at https://www.google.dk https://www.google.fr https://www.google.co.uk https://www.google.es https://www.google.it https://www.google.pl https://www.google.tr https://www.google.be https://www.google.at https://www.google.ch https://www.google.ru https://www.google.se https://i.vimeocdn.com https://www.facebook.com; frame-src https://*.haecker-kuechen.de https://*.haecker-kuechen.com https://online.fliphtml5.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://player.vimeo.com https://calendly.com https://haecker-funnel.kh-apps.com; connect-src 'self' https://jobs.haecker-kuechen.de https://static.dvinci-easy.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://*.google.de https://www.google.nl https://www.google.dk https://www.google.fr https://www.google.co.uk https://www.google.es https://www.google.pl https://www.google.tr https://www.google.be https://www.google.at https://www.google.ru https://www.facebook.com https://*.mouseflow.com https://vimeo.com; report-uri https://cspreports.haecker-kuechen.com/?v=9 1 object-src 'none';base-uri 'self';script-src 'nonce-VTfbHV51s0ZF0LqD-ttY6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-DR5iTG-EJqeUO0H-QnWsMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-p9xYriEiOTtkKKyT5aCSsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2TZscmdW4Vwd-938-Fs_kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Zjc9JXDu6OlUcjSV0cYqbA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-q0Fua0xQumdB-3DYQiiEzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-lenb5pUoPfncGi820YODcQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-75Ykw2_yGRFENcsDvQH1Cg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-x1kgczAIPhyVXrHE_5cEvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-nQfCVkaDA1T8L34PIFdM5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-zllLpaL4EXIWsNJja_DsLg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-C9GPcfHIP26dMCD6DhWEUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-bV79QtYHBqEiCs9xmkyElA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-QpjECToKTbgHK9_AsSexjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-btGhbRIORIyIBRud_w5svA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mqOlvSNjXmH5jwmOJSf7NQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-SrIkIRtEnFW7El7ArSpJtA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-bz90c21dAQpPXoFCzyxrjw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Y5NDTAV0iiKH6T0kogaBYw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-bkEs1vmUwZ83gtl33RE8QA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-X6Eemx4Xzzn529QpkHpbSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yRBefIg0NbPsn8miaAU2CQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5tASK4inAhImZfKBG1jhcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-WX_SKWOZbNbHZEjCOuxdqw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-eYCcIvF54Mhk-HecZ6A2aQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PbZvM5z6hdkalsDMG2jBQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0SGOYqZlMD_EkIwidqKtkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8gBmpwdCvDJzwh18lE455A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Di4u_ls4hjPG5GGIYozjnQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-mmBILR4MJ6D5uV6GovoeAg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TgHldA0SU4c1LQ9i5cVPNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' https://js.stripe.com 'unsafe-eval' 'sha256-Jxve8bBSodQplIZw4Y1walBJ0hFTx8sZ5xr+Pjr/78Y=' 'sha256-XOlW2U5UiDeV2S/HgKqbp++Fo1I5uiUT2thFRUeFW/g=' 'unsafe-hashes' 'sha256-2rvfFrggTCtyF5WOiTri1gDS8Boibj4Njn0e+VCBmDI=' 'sha256-gC0PN/M+TSxp9oNdolzpqpAA+ZRrv9qe1EnAbUuDmk8=' 'nonce-y3tnC3o_buPD2d6W8xfyAw'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-src https://js.stripe.com/ https://media.ccc.de https://www.youtube.com https://archive.org; report-uri https://emfcamp.report-uri.com/r/d/csp/reportOnly 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.co.il https://www.myheritage.co.il 'unsafe-eval' 'nonce-09ee5999627039ea4ef50f364d61c837' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 script-src 'self' warmind.io ajax.cloudflare.com errors.stripe.com js.stripe.com rum.browser-intake-datadoghq.com analytics.google.com www.googletagmanager.com; connect-src api.warmind.io warmind.io js.stripe.com stats.g.doubleclick.net *.analytics.google.com analytics.google.com www.google-analytics.com https://*.browser-intake-datadoghq.com; img-src warmind.io *.bungie.net bungie.net cdn.discordapp.com http://cdn.datatables.net images.ctfassests.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; report-uri https://csp.warmind.io; report-to https://csp.warmind.io; require-trusted-types-for 'script'; 1 frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri https://logger.us-east-1.logging.brightspace.com/log/csp/fejzn0SKpxgS0STMi-i6fQAAAY6CvH8P 1 default-src 'self' dc.services.visualstudio.com ict.infinity-tracking.net *.infinity-tracking.com stats.g.doubleclick.net *.trustarc.com skyfire.vimeocdn.com maps.googleapis.com ssl.google-analytics.com www.google-analytics.com *.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; script-src 'nonce-Kb1uQ8U4Q5c9sXF44BXRDeB+2s6/4gQ3yNhqfILH6PA=' 'self' static-ssl.responsetap.com static-cdn.responsetap.com pi.pardot.com metrics.responsetap.com go.marshcommercial.co.uk cdn.pardot.com https://www.googleadservices.com https://www.google.com ict.infinity-tracking.net connect.facebook.net consent.trustarc.com bam.nr-data.net js-agent.newrelic.com vimeo.com player.vimeo.com maps.googleapis.com www.googleadservices.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha www.gstatic.com/recaptcha tagmanager.google.com; style-src 'self' 'unsafe-inline' maps.googleapis.com fonts.googleapis.com tagmanager.google.com *.trustarc.com; img-src 'self' www.linkedin.com www.facebook.com/ www.google.es px.ads.linkedin.com consent-pref.trustarc.com consent.trustarc.com maps.gstatic.com maps.googleapis.com www.google-analytics.com www.google.com www.google.co.uk *.doubleclick.net googleads.g.doubleclick.net www.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: *.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' www.facebook.com consent-pref.trustarc.com player.vimeo.com www.google.com www.youtube-nocookie.com www.youtube.com; font-src 'self' consent.trustarc.com fonts.gstatic.com fonts.googleapis.com data:; form-action 'self' www.facebook.com/tr/ dmtrk.net; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-w5Hk5igebl6k54cJCLSWxCOdYe6L0pgNNDGe3znEqos='; base-uri 'self';report-to csp-endpoint 1 font-src https://webcache.datareporter.eu *.datareporter.eu *.fontawesome.com https://widgets.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.colop.com maps.gstatic.com maps.googleapis.com api.colop-online.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://static.unzer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com unpkg.com *.colop.com *.datareporter.eu api.colop-online.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maps.googleapis.com https://webcache.datareporter.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.colop.com api.colop-online.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com *.colop.com *.datareporter.eu api.colop-online.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.userway.org cdn.segment.com a.klaviyo.com *.facebook.net *.doubleclick.net ka-p.fontawesome.com use.typekit.net acsbapp.com *.gstatic.com www.gsmoutdoors.com static-tracking.klaviyo.com static.klaviyo.com *.facebook.com *.online-metrix.net *.googleapis.com p.typekit.net api.userway.org static-forms.klaviyo.com cdn.acsbapp.com www.googletagmanager.com kit.fontawesome.com cdn.avmws.com cdn77.api.userway.org imgs.signifyd.com fast.a.klaviyo.com www.google.com tasks.gsmoutdoors.com cdn11.bigcommerce.com phosphor.utils.elfsightcdn.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors app.cux.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com www.youtube.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com platnosci.bm.pl platnosci-accept.bm.pl www.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.google.pl www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com cards-accept.bm.pl cards.bm.pl pay.google.com *.google-analytics.com *.googletagmanager.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.dwin1.com dc.cux.io connect.facebook.net *.livechatinc.com static.clickonometrics.pl www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.fontawesome.com unsafe-inline *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.google-analytics.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.analytics.google.com *.track.cux.io stats.g.doubleclick.net ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src * 'unsafe-inline' 'unsafe-eval' data: ; style-src * 'unsafe-inline' data: ; img-src 'self' data: secure.gravatar.com www.gravatar.com; font-src * data: ; media-src * ; report-uri https://sheptravel.com?gdsih-csp-report; 1 font-src *.fontawesome.com *.klarnacdn.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com eadn-wc03-463152.nxedge.io *.stripe.com klarna.com *.klarna.com *.klarnaevt.com customneon.com customneon.com.au customneon.co.uk/ eadn-wc02-9281796.nxedge.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.google.com/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.klarna.com *.limepay.com.au *.twitter.com *.consensu.org *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com checkout.bluesnap.com ssl.kaptcha.com portal.afterpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.google.co.in lh3.googleusercontent.com phosphor.utils.elfsightcdn.com px.ads.linkedin.com d.adroll.com eadn-wc02-9281796.nxedge.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apis.google.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.limepay.com.au *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.sharethis.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarnaevt.com *.trustpilot.com www.google.co.in static.elfsight.com apps.elfsight.com maps.googleapis.com cdn.audiencelab.io s.adroll.com d.adroll.com static.zdassets.com cdn.websitepolicies.io snap.licdn.com ssl.kaptcha.com universe-static.elfsightcdn.com eadn-wc02-9281796.nxedge.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.fontawesome.com *.klarnacdn.net https://static.klaviyo.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu unsafe-inline *.trustpilot.com cdn.websitepolicies.io eadn-wc02-9281796.nxedge.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com static.elfsight.com apps.elfsight.com service-reviews-ultimate.elfsight.com maps.googleapis.com ekr.zdassets.com pixel.audiencelab.io app.audiencelab.io pro.ip-api.com a.usbrowserspeed.com storage.elfsight.com customneon.zendesk.com stats.g.doubleclick.net d.adroll.com cdn.linkedin.oribi.io core.service.elfsight.com portal.afterpay.com ssl.kaptcha.com custom-neon.ts.r.appspot.com px.ads.linkedin.com www.facebook.com eadn-wc02-9281796.nxedge.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.iubenda.com/ *.google.com *.cookiebot.com *.salesmanago.pl *.youtube.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.weltpixel.com *.iubenda.com/ *.google.com *.cookiebot.com *.salesmanago.pl *.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com *.googleadservices.com *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com *.google.de *.googletagmanager.com *.feedaty.com *.salesmanago.pl *.zoorate.com *.bing.com *.facebook.com *.smct.co conversiontag.commerce-connector.como *.salesmanago.es *.salesmanago.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.zdassets.com *.newrelic.com *.nr-data.net *.zoorate.com *.salesmanago.pl *.cloudflare.com *.doofinder.com *.googletagmanager.com *.cookiebot.com *.sella.it connect.facebook.net s.kk-resources.com *.criteo.net *.hotjar.com *.bing.com pagead2.googlesyndication.com https://www.googletagmanager.com tagmanager.google.com *.salesmanago.es *.salesmanago.com cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tracking.trovaprezzi.it www.trovaprezzi.it ajax.googleapis.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.googleapis.com *.gstatic.com *.zoorate.com *.cloudflare.com tagmanager.google.com *.doofinder.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.nr-data.net *.salesmanago.pl *.salesmanago.com *.doofinder.com *.google-analytics.com *.paypal.com *.doubleclick.net pagead2.googlesyndication.com www.google.com *.hotjar.com consentcdn.cookiebot.com https://www.google-analytics.com *.salesmanago.es wss://*.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; img-src 'self' data: uploads-ssl.webflow.com d1otoma47x30pg.cloudfront.net d3e54v103j8qbb.cloudfront.net; script-src 'self' 'unsafe-inline'; font-src 'self' data: uploads-ssl.webflow.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; manifest-src 'self'; connect-src webflow.com member.civsoc.net; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; script-src https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1006330028/?random=1661327724506&cv=9&fst=1661327724506&num=1&label=tXnKCO7515ICEKzB7d8D&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1920&u_ah=1160&u_aw=1920&u_cd=24&u_his=2&u_tz=180&u_java=false&u_nplug=5&u_nmime=2>m=2wg8m0&sendb=1&ig=1&data=ecomm_pagetype%3Dhome&frm=0&url=https%3A%2F%2Fdomko.stenik.cloud%2F&tiba=%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%B7%D0%B0%20T%D0%B0%D0%BF%D0%B5%D1%82%D0%B8%20%7C%20%D0%9C%D0%BE%D0%BA%D0%B5%D1%82%D0%B8%20%7C%20%D0%9E%D1%81%D0%B2%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%BD%D0%B8%20&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4 http://www.googleadservices.com&async=1&rfmt=3&fmt=4 www.googleadservices.com connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; connect-src stats.g.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; img-src https://www.google.bg/pagead/1p-user-list/1006330028/?random=1661327724506&cv=9&fst=1661324400000&num=1&label=tXnKCO7515ICEKzB7d8D&bg=ffffff&guid=ON&u_h=1200&u_w=1920&u_ah=1160&u_aw=1920&u_cd=24&u_his=2&u_tz=180&u_java=false&u_nplug=5&u_nmime=2>m=2wg8m0&sendb=1&data=ecomm_pagetype%3Dhome&frm=0&url=https%3A%2F%2Fdomko.stenik.cloud%2F&tiba=%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%B7%D0%B0%20T%D0%B0%D0%BF%D0%B5%D1%82%D0%B8%20%7C%20%D0%9C%D0%BE%D0%BA%D0%B5%D1%82%D0%B8%20%7C%20%D0%9E%D1%81%D0%B2%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%BD%D0%B8%20&async=1&fmt=3&is_vtc=1&cid=CAQSMACsnQUxXY1ty335Q-oZoc0Ng5sw4MqUyNqMK17x-s44kqDdqYuUavuzYHB3OESkVA&random=3010647948&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y https://www.google.com/pagead/1p-user-list/1006330028/?random=1661327724506&cv=9&fst=1661324400000&num=1&label=tXnKCO7515ICEKzB7d8D&bg=ffffff&guid=ON&u_h=1200&u_w=1920&u_ah=1160&u_aw=1920&u_cd=24&u_his=2&u_tz=180&u_java=false&u_nplug=5&u_nmime=2>m=2wg8m0&sendb=1&data=ecomm_pagetype%3Dhome&frm=0&url=https%3A%2F%2Fdomko.stenik.cloud%2F&tiba=%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD%20%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%B7%D0%B0%20T%D0%B0%D0%BF%D0%B5%D1%82%D0%B8%20%7C%20%D0%9C%D0%BE%D0%BA%D0%B5%D1%82%D0%B8%20%7C%20%D0%9E%D1%81%D0%B2%D0%B5%D1%82%D0%B8%D1%82%D0%B5%D0%BB%D0%BD%D0%B8%20&async=1&fmt=3&is_vtc=1&cid=CAQSMACsnQUxXY1ty335Q-oZoc0Ng5sw4MqUyNqMK17x-s44kqDdqYuUavuzYHB3OESkVA&random=3010647948&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3856273-2&cid=156909586.1653457396&jid=1602498355&_u=QAGAAAAAAAAAAC~&z=1683059115 https://www.google.bg/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3856273-2&cid=156909586.1653457396&jid=1602498355&_u=QAGAAAAAAAAAAC~&z=1683059115 https://connect.facebook.net/en_US/fbevents.js connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.com/jsapi www.gstatic.com/charts/ ajax.cloudflare.com cloudflare.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com www.facebook.com graph.facebook.com https://www.magezon.com *.gstatic.com data: 'self' 'unsafe-inline'; 1 font-src https://use.typekit.net *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.svea.com https://*.vipps.no https://*.trustly.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widget.trustpilot.com www.paypalobjects.com google-analytics.com vimeo.com *.yotpo.com *.googleapis.com https://use.typekit.net/* *.cookiebot.com/ *.fontawesome.com htps://fonts.gstatic.com *.weltpixel.com https://*.svea.com *.swiipe.com *.paymentiq.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkoutapistage.svea.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io *.google.com *.swiipe.com maps.gstatic.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ https://meetanshi.com/media/logo.png flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.bing.com *.clarity.ms *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com/ *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io *.api.unifaun.com cdn.clerk.io api.clerk.io widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js v2.zopim.com *.gstatic.com chimpstatic.com static.zdassets.com *.newrelic.com bam.eu01.nr-data.net *.cookiebot.com/ s7.addthis.com https://*.svea.com *.swiipe.com https://api.unifaun.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkoutapistage.svea.com *.bing.com *.clarity.ms https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io *.googleapis.com *.yotpo.com https://use.typekit.net cdn.dnky.com https://p.typekit.net *.fontawesome.com *.swiipe.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.swiipe.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com gymkompaniet.zendesk.com https://ekr.zdassets.com widget-mediator.zopim.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://stats.g.doubleclick.net www.youtube.com bam.eu01.nr-data.net dpm.demdex.net ekr.zdassets.com/ *.swiipe.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.clarity.ms *.bing.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' *.bluekai.com *.doubleclick.net *.facebook.com *.pay.jp *.pa-mieruka.net platform.twitter.com; connect-src 'self' wss: http://*.milltalk.jp https://*.milltalk.jp *.juicer.cc *.facebook.com *.nr-data.net *.o2u.jp *.optimizely.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data:; form-action 'self' http://*.milltalk.jp https://*.milltalk.jp *.facebook.com; frame-ancestors 'self' http://*.milltalk.jp https://*.milltalk.jp; img-src 'self' data: *.milltalk.jp s3-ap-northeast-1.amazonaws.com *.s3-ap-northeast-1.amazonaws.com *.s3.ap-northeast-1.amazonaws.com *.adsrvr.org *.adsymptotic.com *.audiencedata.net *.bluekai.com *.eyeota.net *.doubleclick.net *.google.com *.google.co.jp *.google-analytics.com *.facebook.com *.interactive-circle.jp *.tapad.com *.logly.co.jp *.macromill.com *.mookie1.com *.o2u.jp *.rfihub.com *.socdm.com *.treasuredata.com *.amazon-adsystem.com *.ec-concier.com *.id.amgdgt.com a.ddli.jp idsync.rlcdn.com secure.adnxs.com r.turn.com www.googletagmanager.com; media-src 'self'; object-src 'self'; plugin-types application/x-shockwave-flash; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.audiencedata.net *.bkrtx.com *.bluekai.com *.doubleclick.net *.ec-concier *.facebook.net *.google.com *.google.co.jp *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.im-apps.net *.iogous.com *.juicer.cc *.logly.co.jp *.newrelic.com *.nr-data.net *.o2u.jp *.optimizely.com *.pay.jp *.st-hatena.com *.treasuredata.com *.twitter.com *.yahoo.co.jp ec-concier.com; style-src 'self' 'unsafe-inline' http://*.milltalk.jp https://*.milltalk.jp; report-uri https://b406c5590dc0f4b10d7793992b090d94.report-uri.io/r/default/csp/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-IXGQ-uoUPjsIQO5y3b1Erg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.typekit.net *.bomenenzo.nl *.feedbackcompany.com *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.bomenenzo.nl *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu *.datatrics.com *.google.nl *.google-analytics.com *.hipex.cloud *.bomenenzo.nl *.smartsuppcdn.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.feedbackcompany.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.convertexperiments.com *.smartsuppchat.com widget-v2.smartsuppcdn.com *.feedbackcompany.com *.datatrics.com *.bomenenzo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.typekit.net *.bomenenzo.nl downloads.mailchimp.com *.fontawesome.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.convertexperiments.com *.smartsuppchat.com widget-v2.smartsuppcdn.com translations.smartsuppcdn.com websocket-visitors.smartsupp.com wss://*.smartsupp.com *.feedbackcompany.com *.datatrics.com *.bomenenzo.nl *.multisafepay.com *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src; media-src 'self'; object-src; prefetch-src; frame-src; worker-src; frame-ancestors 'self'; form-action; base-uri; 1 object-src 'none';base-uri 'self';script-src 'nonce-ZJ_LurkmITHtIiN6804PiQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; child-src 'self' *.facebook.com connect.facebook.net; connect-src 'self' *.facebook.com connect.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://cloudstatic.obi4wan.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://www.google-analytics.com https://www.googleoptimize.com; font-src 'self' data: http://script.hotjar.com https://script.hotjar.com; form-action 'self' *.facebook.com connect.facebook.net; frame-ancestors 'self'; frame-src 'self' *.facebook.com connect.facebook.net https://vars.hotjar.com 'nonce-3313f1469c2f9f06bfa72b5c92790842f5b2ab19843676391599e4f27231734aa136c17f40c1299f22a2d2790d872955d797d2c3e939bb7551404226bae0f1ad'; img-src 'self' data: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl *.facebook.com *.facebook.net *.fbcdn.net https://script.hotjar.com http://script.hotjar.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://www.google-analytics.com https://www.googleoptimize.com; media-src 'self'; object-src 'self'; script-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google.nl https://connect.facebook.net https://graph.facebook.com https://js.facebook.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://cloudstatic.obi4wan.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://www.google-analytics.com https://www.googleoptimize.com 'nonce-3313f1469c2f9f06bfa72b5c92790842f5b2ab19843676391599e4f27231734aa136c17f40c1299f22a2d2790d872955d797d2c3e939bb7551404226bae0f1ad'; style-src 'self' 'unsafe-inline'; 1 *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com 1 default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' report-uri https://o244114.ingest.sentry.io/api/1420725/security/?sentry_key=d59dabdf03794a039923edd4ac216d88&sentry_environment=production 1 object-src 'none';base-uri 'self';script-src 'nonce-2v7FUPjMY6jcwAKFya8tZw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.privacy-mgmt.com maps.googleapis.com www.news.co.uk uk-script.dotmetrics.net *.google-analytics.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdn.privacy-mgmt.com *.tiqcdn.com unpkg.com uk-script.dotmetrics.net *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.brightcove.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com fonts.googleapis.com use.typekit.net maps.google.com unpkg.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.scorecardresearch.com *.news.co.uk www.news.co.uk *.dotmetrics.net newsuk.s3.amazonaws.com *.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.youtube.com *.vimeo.com *.brightcove.com cdn.privacy-mgmt.com; report-uri https://www.news.co.uk?gdsih-csp-report; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.monetate.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.monetate.net maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.monetate.net maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.monetate.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com thm.visa.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com *.typekit.net *.cloudflare.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com calendly.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com *.webdamdb.com *.rectorseal.com rectorseal.com *.img-us3.com *.amazon.com *.amazonaws.com *.cloudfront.net *.linkedin.com *.google.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.calendly.com *.cloudfront.net *.licdn.com *.jsdelivr.com *.cloudflare.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com *.typekit.net *.cloudflare.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com *.google-analytics.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: lftracker.leadfeeder.com *.facebook.com *.doubleclick.net cdn.mouseflow.com cdnjs.cloudflare.com *.facebook.net *.licdn.com *.tiktok.com *.linkedin.com www.google-analytics.com www.google.com *.vimeo.com eastspring.qumucloud.com o2.mouseflow.com *.gstatic.com www.googletagmanager.com cdn.insight.sitefinity.com analytics.google.com api.insight.sitefinity.com web.mxradon.com code.jquery.com *.googleadservices.com tr.lfeeder.com www.google.com.my ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-most6l03sPVqG3tKsG8fdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; report-uri https://logon.bwebstream.com/CspReport/Report 1 font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.iubenda.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.iubenda.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.it *.exacttarget.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.iubenda.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.evgnet.com *.clerk.io *.vimeo.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.google.com unsafe-inline https://fonts.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net google.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.iubenda.com ekr.zdassets.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com pagead2.googlesyndication.com vimeo.com *.vimeo.com *.evergage.com *.googleapis.com *.google.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.klevu.com *.ksearchnet.com *.morplan.com *.kxcdn.com/ *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.facebook.com *.morplan.com *.kxcdn.com/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com *.trustpilot.com *.hotjar.com *.facebook.com *.kxcdn.com/ *.morplan.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.klevu.com *.ksearchnet.com *.morplan.com *.linkedin.com *.bing.com *.adsymptotic.com *.google.com *.google.co.uk *.livehelp.it *.facebook.com *.googletagmanager.com *.uploadlibrary.com *.clarity.ms *.cartcontents.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.klevu.com *.ksearchnet.com *.cgtrader.com unpkg.com *.trustpilot.com *.leadforensics.com *.facebook.net *.hotjar.com *.bing.com *.licdn.com *.windows.net *.livehelp.it *.clarity.ms *.doubleclick.net *.wheelofpopups.com *.cloudfront.net *.cloudflare.com *.cookielaw.org *.cartcontents.com *.morplan.com/ *.kxcdn.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.klevu.com *.ksearchnet.com *.windows.net *.cloudfront.net *.cloudflare.com *.cookielaw.org *.morplan.com/ *.kxcdn.com/ unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.morplan.com *.kxcdn.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com thm.visa.com www.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com *.google.com *.doubleclick.net *.hotjar.com *.clarity.ms *.liadm.com *.cgtrader.com *.freshrelevance.com am.freshrelevance.com wss://am.freshrelevance.com/ *.dycdn.net *.cloudfront.net *.cloudflare.com *.google-analytics.com *.trustpilot.com *.kxcdn.com/ *.oribi.io *.morplan.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.itemis.com data:; img-src https: data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; base-uri 'none' 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' boitempoeditorial.com.br *.boitempoeditorial.com.br boitempoeditorial.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.boitempoeditorial.com.br boitempoeditorial.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 object-src 'none';script-src 'nonce-e92020a3-f62d-4e30-beda-b76db5bc89a4' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;base-uri 'none';require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/Forms-PROD;report-to endpoint-1; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' static.artforum.sk cdn.luigisbox.com scripts.luigisbox.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.google.com www.google.sk www.google.cz connect.facebook.net login.dognet.sk browser.sentry-cdn.com js.sentry-cdn.com *.sentry.io sibautomation.com widget.packeta.com tools.luckyorange.com static.posta.sk; media-src static.artforum.sk; font-src 'self' static.artforum.sk use.typekit.net data:; img-src * data:; form-action 'self' www.facebook.com connect.facebook.net; worker-src 'self'; object-src 'none'; frame-src 'self' www.facebook.com staticxx.facebook.com connect.facebook.net *.doubleclick.net www.google.com www.googletagmanager.com player.vimeo.com www.youtube-nocookie.com www.podbean.com w.soundcloud.com www.scribd.com online.fliphtml5.com www.mixcloud.com www.soundtier.com sibautomation.com widget.packeta.com static.posta.sk; default-src 'self' blob:; style-src 'self' 'unsafe-inline' static.artforum.sk *.typekit.net cdn.luigisbox.com tools.luckyorange.com; connect-src * 'unsafe-eval' 'unsafe-inline' 1 default-src 'self'; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; form-action 'self'; connect-src 'self' https://www.google-analytics.com 1 font-src *.typekit.net data: https://*.hotjar.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors platform.twitter.com *.digitalriver.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.digitalriverws.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com platform.twitter.com vod-progressive.akamaized.net social-plugins.line.me *.digitalriver.com *.hotjar.com www.facebook.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://ui1.img.digitalrivercontent.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com syndication.twitter.com www.google.com www.google.co.jp www.facebook.com https://*.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://js.digitalriverws.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com platform.twitter.com *.typekit.net www.youtube.com www.line-website.com d.line-scdn.net players.brightcove.net *.digitalriver.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.facebook.com https://*.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://js.digitalriverws.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.typekit.net *.digitalriver.com https://*.hotjar.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com platform.twitter.com vimeo.com bam.nr-data.net www.facebook.com stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googletagmanager.com as.246select.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src http: wss:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src http: data:; font-src http: data:; report-uri /csp-report 1 default-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri /csp/ 1 font-src *.fontawesome.com https://fonts.gstatic.com fonts.gstatic.com https://cdnjs.cloudflare.com https://geowidget.easypack24.net maxcdn.bootstrapcdn.com *.typekit.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com sandbox.przelewy24.pl secure.przelewy24.pl *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net secure.payu.com merch-prod.snd.payu.com pay.google.com https://static.addtoany.com https://pudofinder.dpd.com.pl *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.awin1.com *.zenaps.com static.payu.com static.przelewy24.pl www.gstatic.com gstatic.com https://widget-v2.smartsuppcdn.com https://files.smartsuppcdn.com https://files.smartsupp.com https://twemoji.maxcdn.com https://www.google.com https://www.google.pl https://googleads.g.doubleclick.net https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net https://osm.inpost.pl d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com secure.payu.com secure.snd.payu.com s7.addthis.com cdn.jsdelivr.net sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://www.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://www.rzetelnyregulamin.pl https://googleads.g.doubleclick.net https://static.addtoany.com https://www.orlenpaczka.pl https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io connect.facebook.net twitter.com platform.twitter.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.addtoany.com cdn.jsdelivr.net fonts.googleapis.com https://www.rzetelnyregulamin.pl https://cdnjs.cloudflare.com https://ruch-osm.sysadvisors.pl https://geowidget.easypack24.net cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.typekit.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://the.sciencebehindecommerce.com secure.payu.com merch-prod.snd.payu.com ekr.zdassets.com/ http://dpm.demdex.net sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://bootstrap.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://ruch-osm.sysadvisors.pl https://api-pl-points.easypack24.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com ws: *.yotpo.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 img-src https://higherlogicdownload.s3.amazonaws.com/AWB/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogiclongterm.s3.amazonaws.com/AWB/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ 'self' https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://higherlogicstream.s3.amazonaws.com/AWB/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/AWB/ https://higherlogicdownload.s3.amazonaws.com/AWB/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/AWB/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-cFofnKCXDwoPi-k--QcAhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://www.google.com/ https://www.facebook.com/ ; script-src 'self' 'unsafe-inline' http://platform.twitter.com/ https://smarticon.geotrust.com/; child-src 'self' https://www.google.com/; style-src 'self' 'unsafe-inline'; font-src 'self' ; block-all-mixed-content; img-src * data:; object-src 'self' ; 1 object-src 'none';base-uri 'self';script-src 'nonce-Wq8H6ef2Ye1fiGLgPti-eQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-rYTLMGtkP7zScGZ7GTR_VA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com account.fetchify.com *.klarna.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.googleapis.com *.gstatic.com *.trackedlink.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.klarnacdn.net *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=hHPQxibWGwdD5pzbFlDTtqNboZFOx.boeweLO7Bxf.4-1711590375-1.0.1.1-uCT0NQgf80Jog.3uLcLUSxZ.3NtxprlQ6k0t9gW2oFGwH5pNAVGYNxY7QX_hg4SWm9sSNipQAThBrAXNf3_i6QDL53L4rwHmBiC8EAVO3RycEXVZNhXCYaANCuhgQ1g9Zg1Mq_WBM8LQU6glOFPFmOeDNueYT8_EzOYQ4vqJ7rXpQuvK1rcP_l_EiNy5YFksmP5qUSoky5kCfFK85Fepww; report-to cf-tutjmjalenbpzgzg 1 font-src *.googleapis.com *.gstatic.com data: https://x.klarnacdn.net/ https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://www.facebook.com/ https://payments.securetrading.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.youtube.com *.youtube-nocookie.com www.google.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://player.vimeo.com *.trustpilot.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://secure.livechatinc.com https://www.pinterest.co.uk https://payments.securetrading.net www.xtento.com account.fetchify.com *.klarna.com *.google.com/ webservices.securetrading.net *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.google.com https://www.google.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://cdn.livechatinc.com https://cladcodecking.co.uk https://c.clarity.ms https://www.cladcodecking.co.uk https://*.bing.com https://www.googletagmanager.com www.xtento.com cdn.xtento.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ maps.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://www.googletagmanager.com https://chimpstatic.com *.trustpilot.com https://widget.trustpilot.com https://invitejs.trustpilot.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://www.google.com https://www.gstatic.com http://bat.bing.com https://cdn.livechatinc.com https://secure.livechatinc.com *.google.com/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net https://www.google-analytics.com https://*.clarity.ms https://www.clarity.ms https://eu-library.klarnaservices.com https://apps.elfsight.com/ https://js-agent.newrelic.com/ https://ws.zoominfo.com/ https://static.elfsight.com/ player.vimeo.com www.xtento.com cdn.xtento.com widget.freshworks.com m2epro.freshdesk.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com webservices.securetrading.net songbirdstag.cardinalcommerce.com maps.googleapis.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com downloads.mailchimp.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://x.klarnacdn.net *.trustpilot.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.googleapis.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com https://use.fontawesome.com https://vc.hotjar.io https://in.hotjar.com https://api.craftyclicks.co.uk https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://*.clarity.ms https://www.google.co.uk https://rcgmal4n.klarnaservices.com/ https://bam.eu01.nr-data.net/ https://region1.analytics.google.com/ widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ o402164.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://envisagedigital.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com https://*.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.333obra.com.br *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' data: *.demdex.net *.online-metrix.net *.doubleclick.net *.braintreegateway.com *.googletagmanager.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.online-metrix.net quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com maps.gstatic.com *.google.com *.google.com.br *.facebook.com https://*.cloudfront.net https://cdn.cookielaw.org https://*.hotjar.com https://*.nr-data.net https://*.adobe.com https://*.adobedtm.com https://*.demdex.net https://cimentobomdemais.com.br *.333obra.com.br *.clarity.ms *.bing.com https://s3.amazonaws.com https://dev.visualwebsiteoptimizer.com https://s3.amazonaws.com/raichu-beta/ra-verified/assets/images/verified.svg https://s3.amazonaws.com/raichu-beta/ra-verified/assets/images/ra-logo.svg https://votorantimcimentoshelp1697804564.zendesk.com https://*.votorantimcimentoshelp.zendesk.com https://static.zdassets.com/web_widget/latest/default_avatar.png https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://h.online-metrix.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com connect.facebook.net js-agent.newrelic.com https://cdn.cookielaw.org https://*.cloudfront.net https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://bam.nr-data.net https://*.hotjar.com 'unsafe-inline' https://cdn.jsdelivr.net/npm/choices.js@4/public/assets/scripts/choices.min.js https://cdn.popconvert.com.br/widget/popconvert.js https://cdn.popconvert.com.br/widget/dist/js/app.js https://cdn.pn.vg https://www.clarity.ms https://bat.bing.com/bat.js https://*.sentry-cdn.com https://*.zendesk.com https://static.zdassets.com https://*.s3.amazonaws.com https://dev.visualwebsiteoptimizer.com https://s3.amazonaws.com/raichu-beta/ra-verified/bundle.js https://sdk.crmback.io/connect.js https://plugins.crmback.io/helpers/tresobra.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.css https://*.hotjar.com 'unsafe-inline' https://s3.amazonaws.com https://s3.amazonaws.com/raichu-beta/ra-verified/styles.css 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://h.online-metrix.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://viacep.com.br maps.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.cookielaw.org https://privacyportal-br.onetrust.com https://geolocation.onetrust.com https://*.cloudfront.net *.rdstation.com.br https://bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.adobe.com *.adobedtm.com *.demdex.net *.magentocommerce.com *.doubleclick.net *.googleadservices.com *.vimeocdn.com *.vimeo.com *.youtube.com *.omtrdc.net *.googletagmanager.com *.adobedc.net *.magento.com *.adobe.io *.adobe.net *.magedevteam.com *.metrix.net *.geojs.io *.braintreegateway.com wa.me web.whatsapp.com *.snplow.net performance.typekit.net paypal.com paypalobjects.com *.online-metrix.net viacep.com.br 'self' data: 'unsafe-inline' gyruss.rdops.systems/v2/conversions osp-assets.pn.vg *.clarity.ms https://*.ingest.sentry.io/api https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net https://dev.visualwebsiteoptimizer.com https://*.zendesk.com https://*.s3.amazonaws.com https://static.zdassets.com https://ekr.zdassets.com https://iosite.reclameaqui.com.br wss://pod-27.zendesk.com https://s3.amazonaws.com/raichu-beta/ra-verified/bundle.js https://onsite.crmback.io/collect https://x.cbstatus.net/check https://www.333obra.com.br/share_cart/action/link/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.gstatic.com *.authorize.net *.cardinalcommerce.com *.adobedtm.com *.yotpo.com 'self' data: *.cloudfront.net *.bootstrapcdn.com *.typekit.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.dnky.co *.nr-data.net *.googletagmanager.com *.qiscus.com app.sandbox.midtrans.com *.midtrans.com *.doubleclick.net *.google.co.id *.addtoany.com *.pinterest.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.gstatic.com 'self' data: *.png *.jpg *.jpeg *.googleapis.com *.cloudfront.net *.yotpo.com *.cdninstagram.com *.kemana.dev *.google.co.id *.amazonaws.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com https://invol.co *.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org https://www.googletagmanager.com tagmanager.google.com *.google.com *.googleoptimize.com *.gstatic.com *.authorize.net *.cardinalcommerce.com *.googleapis.com *.cloudfront.net *.facebook.net *.newrelic.com *.nr-data.net *.googletagmanager.com *.yotpo.com *.dnky.co *.addtoany.com *.zdassets.com *.chimpstatic.com chimpstatic.com https://chimpstatic.com *.amazonaws.com app.sandbox.midtrans.com *.midtrans.com *.doubleclick.net https://invol.co *.popupsmart.com *.pinterest.com *.tumblr.com landofcoder.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com www.w3.org tagmanager.google.com *.googleapis.com *.cloudfront.net *.yotpo.com *.bootstrapcdn.com *.dnky.co *.typekit.net *.amazonaws.com *.popupsmart.com *.fontawesome.com *.google.com *.gstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.zdassets.com *.scene7.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google-analytics.com *.google-analytics.com *.instagram.com *.paypal.com *.cloudfront.net *.nr-data.net *.yotpo.com *.dotdigital.com *.googletagmanager.com *.zdassets.com wss://widget-mediator.zopim.com *.zendesk.com *.doubleclick.net *.qiscus.com *.addtoany.com *.googleapis.com landofcoder.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.stape.io *.fontawesome.com *.googleapis.com * *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io * *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io *.facebook.com * *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.adyen.com *.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.stape.io *.facebook.net *.fontawesome.com * maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com *.stape.io *.fontawesome.com * *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.stape.io * *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://cdn.clerk.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io https://cdn.polyfill.io https://browser.sentry-cdn.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cdn.ampproject.org https://*.ingest.sentry.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-4Szczg1l7qKEw6mdurv1wg==' 'strict-dynamic'; connect-src 'self' *.ayvens.com *.leaseplan.com edge.adobedc.net ad.doubleclick.net adservice.google.com api.realytics.io api.rudderlabs.com bat.bing.com bis.blastingnews.com browser-http-intake.logs.datadoghq.eu *.browser-intake-datadoghq.eu cdn.cookielaw.org cdn.imagin.studio cdn.linkedin.oribi.io content.hotjar.io csmetrics.hotjar.com geolocation.onetrust.com *.clarity.ms in.hotjar.com leaseplan-dataplane.rudderstack.com m.realytics.io optanon.blob.core.windows.net privacyportal-de.onetrust.com region1.google-analytics.com s.yimg.com sentry-proxy.hotjar.com service.giosg.com settings.luckyorange.net sst.leaseplan.com stats.g.doubleclick.net surveystats.hotjar.io vc.hotjar.io www.facebook.com www.google-analytics.com www.google.com www.leaseplan.it; img-src 'self' data: ad.doubleclick.net bat.bing.com *.clarity.ms cdn.cookielaw.org cdn.imagin.studio i.ytimg.com idt9rpjm7d.execute-api.eu-west-1.amazonaws.com img.youtube.com p1.zemanta.com px.ads.linkedin.com script.hotjar.com tracking.adstrategysites.com tracking.audio.thisisdax.com translate.google.com www.drive.leaseplan.pt www.facebook.com www.google-analytics.com www.google.com www.google.cz www.google.de www.googletagmanager.com www.gstatic.com www.leaseplan.it; media-src 'self' *.leaseplandigital.com www.leaseplanbrand.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org maxcdn.bootstrapcdn.com translate.googleapis.com www.leaseplan.it; frame-src 'self' *.leaseplan.com player.vimeo.com www.youtube.com www.youtube-nocookie.com https://map.openchargemap.io widget.klantenthousiasme.nl; font-src 'self' *.leaseplancdn.com; object-src 'none'; base-uri 'none'; 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' https://ws.zoominfo.com https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.sentry.io wss://*.zendesk.com wss://*.zopim.com https://*.youtube.com scout-cdn.salesloft.com tools.luckyorange.com https://*.6sc.co trk.techtarget.com tag.clearbitscripts.com https://*.terminus.services https://www.googleoptimize.com x.clearbitjs.com app.clearbit.com reveal.clearbit.com https://*.hubspot.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://connect.facebook.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hscta.net https://*.hsforms.net https://*.hsforms.com https://js.hsleadflows.net https://platform.linkedin.com https://platform.twitter.com https://*.stackadapt.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://vidassets.terminus.services https://www.googletagmanager.com https://www.google-analytics.com https://cdn2.hubspot.net https://js.hs-scripts.com https://js.hs-banner.net https://static.hsappstatic.net https://js.hubspotfeedback.com https://js.usemessages.com https://*.vidyard.com https://*.clearbitscripts.com https://*.clearbitjs.com; style-src 'self' 'unsafe-inline' https://*.stackadapt.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdn2.hubspot.net https://cdnjs.cloudflare.com https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://*.sentry.io wss://*.zendesk.com wss://*.zopim.com https://*.stackadapt.com https://*.googleapis.com https://*.visitors.live wss://*.luckyorange.com wss://*.visitors.live https://*.oribi.io https://*.hotjar.io https://*.techtarget.com scout.salesloft.com https://*.luckyorange.com https://secure.adnxs.com https://*.6sc.co https://api.hubapi.com https://cta-service-cms2.hubspot.com/ https://js.hs-banner.com/ https://cp.hubspot.com https://forms.hubspot.com https://*.hotjar.com wss://*.hotjar.com https://feedback.hubapi.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://forms.hsforms.com https://lottie.host http://localhost:1442/check-if-local-dev-server https://app.clearbit.com; font-src 'self' https://fonts.gstatic.com https://*.hubspotusercontent-na1.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.youtube.com https://forms.hsforms.com https://platform.twitter.com https://player.vimeo.com https://vars.hotjar.com https://*.vidyard.com; img-src 'self' data: https://*.googletagmanager.com/ https://*.linkedin.com scout.salesloft.com https://*.luckyorange.com https://secure.adnxs.com https://*.6sc.co https://*.techtarget.com https://perf.hsforms.com/ https://p.adsymptotic.com/ https://no-cache.hubspot.com/ https://secure.adnxs.com/ https://s.ml-attr.com/ https://attr.ml-api.io/ https://*.hubspotusercontent-na1.net https://forms.hsforms.com https://*.ads.linkedin.com https://static.hsappstatic.net https://track.hubspot.com https://wec-assets.terminus.services https://*.vidyard.com https://www.google-analytics.com https://www.google.com https://match.adsrvr.org https://wec-assets-api.terminus.services; manifest-src 'self'; media-src 'self'; worker-src ‘self; prefetch-src 'self' https://static.hsappstatic.net https://fonts.googleapis.com https://fonts.gstatic.com 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.gstatic.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com polyfill.io jquery.sellxed.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.cashpresso.com *.gstatic.com *.google.com *.google.de *.google.si *.google.at *.google.it *.google.fr *.google.ch *.google.hu *.trackedlink.net s7.addthis.com https://www.googletagmanager.com tagmanager.google.com www.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cashpresso.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.algolia.net *.algolia.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net *.google-analytics.com *.doubleclick.net *.cashpresso.com ekr.zdassets.com/ https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-ApniyAwup4UZ-JgtUAyJ8g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src 'self' https: https://ecs.us1.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com wss://global.vss.twilio.com https://*.logs.datadoghq.com; default-src 'self' https: https://*.epulse.io https://epulse.io; font-src 'self' https: data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https: https://*.google.com https://*.googleusercontent.com https://*.ggpht.com data:; object-src 'none'; script-src 'self' https://static.twilio.com https://maps.googleapis.com https://fonts.googleapis.com https://storage.googleapis.com https://media.twiliocdn.com https://www.datadoghq-browser-agent.com wss://global.vss.twilio.com https://ecs.us1.twilio.com wss://global.vss.twilio.com wss://endpoint.twilio.com wss://sdkgw.us1.twilio.com 'nonce-lkfTX+5s2VyG82XbNe7QBA=='; style-src 'self' https: 'unsafe-inline'; base-uri 'self' 1 font-src *.googleapis.com *.gstatic.com *.google-analytics.com *.googleadservices.com maxcdn.bootstrapcdn.com *.fontawesome.com *.typekit.net https://media.flixcar.com/ https://media.flixfacts.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors *.google-analytics.com *.googleadservices.com *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.awin1.com *.zenaps.com *.fls.doubleclick.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.googleadservices.com *.googleapis.com account.fetchify.com *.google.com/ *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.hotjar.com *.doubleclick.net *.facebook.com https://plausible.io/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.awin1.com *.zenaps.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://images.unsplash.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google-analytics.com *.googleadservices.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.facebook.com *.google.co.uk *.flix360.com *.bing.com https://media.flixcar.com/ https://register.feefo.com/ https://logo.flix360.io/ https://lantern.roeye.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.googleadservices.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.google.com/ *.trustpilot.com *.cloudflare.com *.salesfire.co.uk *.jsdelivr.net *.facebook.net *.bing.com *.clickcease.com *.hotjar.com https://static.zdassets.com https://plausible.io/ https://media.flixfacts.com/ https://cdn.loadbee.com/ https://api.feefo.com/ https://register.feefo.com/ https://lantern.roeyecdn.com/ https://media.flixcar.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.google-analytics.com *.googleadservices.com *.googleapis.com downloads.mailchimp.com cc-cdn.com maxcdn.bootstrapcdn.com *.fontawesome.com *.trustpilot.com *.jsdelivr.net *.typekit.net https://register.feefo.com/ https://media.flixcar.com/ 'self' 'unsafe-inline'; object-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; manifest-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://the.sciencebehindecommerce.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.googleadservices.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.smartmetrics.co.uk *.salesfire.co.uk *.doubleclick.net *.facebook.com *.hotjar.io 8.hotjar.com *.hotjar.com wss://wsp19.hotjar.com/api/v2/client/ws https://ekr.zdassets.com/ https://reliantdirect.zendesk.com/ wss://ws.hotjar.com/api/v2/client/ws *.googlesyndication.com https://plausible.io/ https://api.feefo.com/ https://media.flixcar.com/ https://collect.feefo.com/ https://availability.loadbee.com/ 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com *.google-analytics.com *.googleadservices.com *.googleapis.com http: https: blob: 'self' 'unsafe-inline'; default-src *.google-analytics.com *.googleadservices.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors *.hana.ondemand.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src googleapis.com *.zdassets.com 'self' 'unsafe-inline'; font-src googleapis.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.googleapis.com *.zopim.com *.gstatic.com *.tawk.to *.jsdelivr.net media.flixfacts.com 'unsafe-inline' data: 'self' 'unsafe-inline'; style-src googleapis.com getfirebug.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.googleapis.com *.jsdelivr.net www.gstatic.com media.flixcar.com 'unsafe-inline' data: 'self' 'unsafe-inline'; connect-src static-forms.klaviyo.com googleapis.com facebook.com facebook.net klaviyo.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.testfreaks.com *.google.com *.nosto.com *.hotjar.io *.hotjar.com *.doubleclick.net *.zendesk.com *.paypal.com *.tawk.to wss://*.tawk.to *.tawk.link *.addthis.com *.addthisedge.com *.nr-data.net vsb111.tawk.to ekr.zdassets.com api.magento.com commerce.adobedc.net app.mobicredwidget.co.za www.google-analytics.com wss://widget-mediator.zopim.com bam.nr-data.net *.googletagmanager.com security-hub.vaimo.network 'unsafe-eval' data: 'self' 'unsafe-inline'; form-action googleapis.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com oppwa.com *.oppwa.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; frame-src googleapis.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com oppwa.com *.oppwa.com data:text *.google.com *.nosto.com *.youtube.com *.issuu.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.criteo.net *.criteo.com *.addthis.com *.facebook.com webchat.jdg.co.za *.jdg.co.za 'self' 'unsafe-inline'; img-src googleapis.com widgets.magentocommerce.com 'unsafe-inline' data: www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com *.klevu.com *.ksearchnet.com oppwa.com *.oppwa.com *.cloudflare.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.gstatic.com *.zopim.com *.nosto.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.zopim.io *.sfdr.co sfdr.co *.tawk.to tawk.link *.tawk.link *.addthis.com *.jsdelivr.net *.facebook.com *.youtube.com *.azurewebsites.net www.google-analytics.com maps.googleapis.com app.mobicredwidget.co.za amcglobal.sc.omtrdc.net media.flixcar.com rt.flix360.com assets.secure.checkout.visa.com 'self' 'unsafe-inline'; script-src googleapis.com klaviyo.com facebook.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.google.com www.gstatic.com https://static.klaviyo.com https://fast.a.klaviyo.com *.klevu.com *.ksearchnet.com *.oppwa.com oppwa.com *.zopim.com *.videoly.co sfdr.co *.cnetcontent.com *.cloudfront.net *.newrelic.com *.google.com *.google.lv *.google.co.za *.google.com.na *.google.na *.cloudflare.com *.cloudflareinsights.com *.nosto.com *.hotjar.com *.googletagmanager.com *.criteo.net *.criteo.com *.sfdr.co *.tawk.to *.tawk.link *.jsdelivr.net *.addthis.com *.addthisedge.com *.moatads.com *.mouseflow.com *.nr-data.net *.facebook.com maps.googleapis.com www.googleadservices.com commerce.adobedtm.com magento-recs-sdk.adobe.net static.zdassets.com app.mobicredwidget.co.za connect.facebook.net bam.nr-data.net googleads.g.doubleclick.net js.testfreaks.com media.flixfacts.com media.flixcar.com security-hub.vaimo.network 'self' 'unsafe-inline' 'unsafe-eval'; 1 default-src 'self' dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' www.google.com ; img-src 'self' googletagmanager.com data: 1 object-src 'none';base-uri 'self';script-src 'nonce--I0yAycw-QrOjAkX2uxYWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https://*.cloudfront.net 'self'; script-src 'report-sample' 'self'; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; report-uri /sentry/api/2/security/?sentry_key=a5423dd760fe46e989430f42a880f3e1; worker-src 'none'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: ssl.kaptcha.com newassets.hcaptcha.com *.gstatic.com *.googleapis.com www.googletagmanager.com geoip-js.com cdn.contentful.com images.ctfassets.net assets.ctfassets.net js.hcaptcha.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-5cBtUD2ZF19jweX6zQuEvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.narvar.com *.narvar.qa *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.opayo.eu.elavon.com https://logistics-stage.ecpay.com.tw/Express/map https://logistics.ecpay.com.tw/Express/map https://logistics-stage.ecpay.com.tw/helper/printTradeDocument https://logistics.ecpay.com.tw/helper/printTradeDocument *.twitter.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.opayo.eu.elavon.com *.dnp-cdms.jp *.revolut.com *.bankserv.co.za *.swisscard.ch *.six-group.com *.marqeta.com *.cardinalcommerce.com *.wlp-acs.com *.imbank.com *.tsys.co.uk *.sia.eu *.garanti.com.tr *.commerzbank.de *.cmbchina.com *.alahli.com *.mycardsecure.com *.gps.com.bh *.citibank.com *.wibmo.com *.dkb.de *.monzo.com *.alinma.com *.nccc.com.tw maps.googleapis.com chart.googleapis.com *.twitter.com https://plumrocket.com https://accounts.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.paypal.com * *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.narvar.com *.narvar.qa store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.opayo.eu.elavon.com maps.googleapis.com chart.googleapis.com *.paypal.com *.sandbox.paypal.com *.google.com *.googletagmanager.com *.plumrocket.com *.tawk.to *.bam-cell.nr-data.net *.gstatic.com https://accounts.google.com https://www.gstatic.com api.veritrans.co.jp *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.opayo.eu.elavon.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu https://accounts.google.com https://www.gstatic.com unsafe-inline assets.braintreegateway.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca thm.visa.com *.paypal.com *.opayo.eu.elavon.com maps.googleapis.com chart.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com https://accounts.google.com api.veritrans.co.jp *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://mcstaging.mikimoto.com/; report-to report-endpoint; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.hotjar.com/ https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hsforms.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net/fb.js https://js.usemessages.com/conversations-embed.js https://l.getsitecontrol.com https://lftracker.leadfeeder.com https://s2.getsitecontrol.com https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://www.googletagmanager.com/ https://script.hotjar.com https://app.hubspot.com https://calendly.com https://assets.calendly.com https://static.hsappstatic.net https://player.vimeo.com https://www.googleadservices.com https://tpc.googlesyndication.com; worker-src blob:; report-uri https://evenito.report-uri.com/r/d/csp/reportOnly 1 font-src *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.stripe.com *.google.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.opayo.eu.elavon.com *.stripe.com *.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.stripe.com *.google.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.paypal.com *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://fonts.gstatic.com *.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com use.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://h.online-metrix.net magento-cloudflare.jetrails.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.getbeamer.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com *.getbeamer.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com *.facebook.net *.getbeamer.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline use.fontawesome.com *.getbeamer.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.getbeamer.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.koongo.com *.gstatic.com flagpedia.net data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css tagmanager.google.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com *.koongo.com https://www.google-analytics.com www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'nonce-ZgTdayleGboZUwS1SK20AQAAjho' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self'; report-uri https://www.koaspeer.com/csp_process.php; 1 object-src 'none';base-uri 'self';script-src 'nonce-sYGofu5RyrvniE3RpABBBg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-mV4nuZ9tMEsVu267cgnyPPYbAp9JWwIRgjmJYEdCEhc='; base-uri 'self';report-to csp-endpoint 1 font-src data: fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.google-analytics.fr *.facebook.com *.linkedin.com https://axeptio.imgix.net https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.facebook.net *.licdn.com *.axept.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.fr *.google-analytics.com *.facebook.com *.doubleclick.net *.oribi.io *.axept.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.sirv.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com www.facebook.com *.hotjar.com *.addthis.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.sirv.com www.xtento.com cdn.xtento.com *.googleapis.com *.gstatic.com *.tawk.to cdn.jsdelivr.net *.laybuy.com www.facebook.com www.google.com.ua www.google.pl *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com polyfill.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.sirv.com player.vimeo.com www.xtento.com cdn.xtento.com secure.authorize.net test.authorize.net www.gstatic.com/recaptcha www.google.com/recaptcha api.addressfinder.io *.googleapis.com *.tawk.to cdn.jsdelivr.net www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.facebook.net *.laybuy.com *.hotjar.com bam.eu01.nr-data.net *.moatads.com *.addthisedge.com *.addthis.com *.osano.com cdn.pricespider.com locate.pricespider.com *.pricespider.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.sirv.com cdn.pricespider.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.sirv.com stergita.sirv.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.sirv.com *.facebook.net *.algolianet.com ekr.zdassets.com *.googleapis.com *.tawk.to bam.nr-data.net *.laybuy.com *.cloudfront.net stats.g.doubleclick.net t.labs.au.edge.zip.co in.hotjar.com bam.eu01.nr-data.net *.osano.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src www.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://cdn.riverty.design/ maxcdn.bootstrapcdn.com data: *.typekit.net *.dhlparcel.nl data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ uc8.tv https://documents.riverty.com/ *.multisafepay.com https://pay.google.com www.facebook.com *.cookiebot.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com https://cdn.myafterpay.com/ uc8.tv https://cdn.riverty.design/ *.multisafepay.com maps.gstatic.com *.google.com.ua *.cookiebot.com *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com uc8.tv https://cdn.myafterpay.com/ https://cdn.bnpl.riverty.io/ *.multisafepay.com https://pay.google.com maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net *.hotjar.com *.dhlparcel.nl *.cookiebot.com *.clickcease.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net https://helloretailcdn.com *.multisafepay.com www.gstatic.com maxcdn.bootstrapcdn.com *.typekit.net *.dhlparcel.nl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com https://helloretailcdn.com uc8.tv https://cdn.myafterpay.com/ https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ https://cdn.bnpl.riverty.io/ https://trace-api.newrelic.com/ https://distributions.crowdin.net/ https://api.crowdin.com/ *.multisafepay.com cdn.ampproject.org www.googleapis.com *.hotjar.io *.google.com *.googleapis.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.gstatic.com data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com https://fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.pinterest.com https://*.smartlook.com https://*.smartlook.cloud https://*.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com https://*.criteo.com https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://*.mainadv.com https://cl.avis-verifies.com https://*.pinterest.com https://ct.pinterest.com https://*.googlesyndication.com https://*.smartlook.com https://*.smartlook.cloud www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com https://*.criteo.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.cdninstagram.com https://*.google.com https://*.google.it https://*.yahoo.com https://*.bidswitch.net https://*.doubleclick.net https://*.adnxs.com https://*.adscale.de https://*.omnitagjs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.net https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yieldlab.net https://*.yieldmo.com https://*.smartclip.net https://*.tremorhub.com https://*.rlcdn.com https://*.pinterest.com https://*.outbrain.com https://*.adform.net https://*.krxd.net https://*.thebrighttag.com https://*.googlesyndication.com https://id5-sync.com https://*.bing.com https://*.googletagmanager.com https://*.clarity.ms https://matching.ivitrack.com https://*.smartlook.com https://*.smartlook.cloud www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.criteo.com https://*.clerk.io *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.gstatic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://cdn.scalapay.com https://ajax.cloudflare.com https://*.pinimg.com https://*.iubenda.com https://*.googlesyndication.com https://*.bing.com https://*.doubleclick.net https://*.clarity.ms https://*.smartlook.com https://*.smartlook.cloud www.facebook.com https://*.tiktok.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com https://*.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud https://*.facebook.com *.fontawesome.com *.google.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org https://*.criteo.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://stats.g.doubleclick.net https://*.pinterest.com https://*.google-analytics.com https://google-analytics.com https://*.iubenda.com https://*.googlesyndication.com https://*.clarity.ms https://*.smartlook.com https://*.smartlook.cloud www.facebook.com https://*.tiktok.com https://*.bing.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.typekit.net *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.doubleclick.net https://*.google.com https://*.hotjar.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.doubleclick.net https://*.google.com https://*.google.co.uk *.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.google.com *.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com https://*.googleapis.com *.typekit.net unsafe-inline assets.braintreegateway.com *.trustpilot.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 worker-src blob:; font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com *.typekit.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.googletagmanager.com/ www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.payplug.com secure.payplug.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.openstreetmap.org maps.googleapis.com maps.gstatic.com https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.avis-verifies.com *.googleadservices.com *.google.fr *.facebook.com blob: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com maps.gstatic.com fonts.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ *.google-analytics.com *.jsdelivr.net *.facebook.net *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de maps.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com *.facebook.com *.twitter.com www.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com *.addthisedge.com *.twitter.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.googletagmanager.com *.facebook.net *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com *.avada.io maps.googleapis.com cdn.ampproject.org connect.facebook.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com downloads.mailchimp.com maxcdn.bootstrapcdn.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com int-ecommerce.nexi.it ecommerce.nexi.it *.google-analytics.com https://get.geojs.io *.avada.io cdn.ampproject.org www.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com www.gstatic.com https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com magento-cloudflare.jetrails.com www.youtube.com web.facebook.com policy.app.cookieinformation.com *.viabill.com *.yotpo.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com static.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com business.facebook.com *.ytimg.com scontent.cdninstagram.com web.facebook.com maps.googleapis.com *.navipartner.dk t.raptorsmartadvisor.com *.yotpo.com *.gstatic.com c.clarity.ms www.google.com c.bing.com www.google.mu bat.bing.com golfexperten.dk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.google.com www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com business.facebook.com static.addtoany.com *.avada.io widgets.pinterest.com www.reddit.com api.tumblr.com maps.googleapis.com policy.app.cookieinformation.com *.viabill.com *.yotpo.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com instant.page www.clarity.ms cdn.ipaper.io display.ipaper.io az19942.vo.msecnd.net sleeknotecustomerscripts.sleeknote.com bat.bing.com api.videoly.co sparxpres.dk dapi.videoly.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com tagmanager.google.com cdn.ipaper.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com graph.instagram.com https://get.geojs.io *.avada.io stats.addtoany.com policy.app.cookieinformation.com consent.app.cookieinformation.com *.yotpo.com *.sparxpres.dk sparxpres.dk https://www.google-analytics.com e.clarity.ms maxcdn.bootstrap.com display.ipaper.io stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com p.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.adobe.io performance.typekit.net *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.yotpo.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://mobbex.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.mobbex.com https://stats.g.doubleclick.net/ *.yotpo.com *.google.com *.google.com.ar *.facebook.com *.doubleclick.net 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com/ *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.avada.io *.mobbex.com *.google.com *.googleoptimize.com *.gstatic.com *.googletagmanager.com *.fanplayr.com *.facebook.net *.yotpo.com *.doubleclick.net *.magentosite.cloud www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com *.yotpo.com *.fonts.net *.magentosite.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://get.geojs.io *.avada.io *.mobbex.com *.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es https://stats.g.doubleclick.net/ *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://paradineiro.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self' 'unsafe-inline'; child-src blob:; font-src 'self' data: https://www.plateforme-apis.fr; frame-src https://h5p.org www.youtube-nocookie.com/ https://www.youtube.com/ https://docs.google.com/ https://www.plateforme-apis.fr; img-src https://h5p.org/ https://img.youtube.com/ https://www.youtube.com/ https://www.plateforme-apis.fr; script-src-elem 'self' 'unsafe-inline' https://h5p.org www.youtube.com/ https://cdn.jsdelivr.net/ https://videopress.com/ https://www.plateforme-apis.fr; media-src https://h5p.org/ https://www.youtube.com/ https://www.plateforme-apis.fr; script-src 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://www.youtube.com/ https://h5p.org/ https://meet.jit.si/ https://www.gstatic.com/; style-src 'unsafe-inline' https://www.plateforme-apis.fr; style-src-elem 'unsafe-inline' https://www.plateforme-apis.fr; worker-src blob:; report-uri https://www.plateforme-apis.fr/local/csp/collector.php?uid=0&cid=1 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com www.searchanise.com *.searchserverapi.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.facebook.com platform.twitter.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net data: *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io connect.facebook.net twitter.com platform.twitter.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.amplitude.com stats.g.doubleclick.net www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadolibre.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mlstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-38e4f954d6594bdb92c520b4da592ce1' https://mychart-p.well-net.org 'self';img-src https://* 'self' blob: data:;style-src https://mychart-p.well-net.org 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 default-src 'self'; script-src 'self' static.dynamicsignal.com cdn.pendo.io data.pendo.io platform.twitter.com connect.facebook.net assets.adobedtm.com 'nonce-a794eb19146c6f490bd229c4d4266740'; style-src 'self' static.dynamicsignal.com *.cloudfront.net *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; frame-src 'self' www.youtube.com platform.twitter.com www.facebook.com reg.voicestorm.com reg-eu.voicestorm.com reg.voicestorm.biz reg.dynamicsignal.com; manifest-src *; connect-src cdn.pendo.io data.pendo.io 'self' static.dynamicsignal.com api.dynamicsignal.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com translate.google.com *.googleapis.com *.cloudfront.net *.doubleclick.net platform.twitter.com connect.facebook.net assets.adobedtm.com olivia.paradox.ai gateway.zscloud.net relay.voicestorm.com relay-eu.voicestorm.com relay.voicestorm.biz relay.dynamicsignal.com freq.voicestorm.com freq-eu.voicestorm.com freq.voicestorm.biz freq.dynamicsignal.com api.voicestorm.com api-eu.voicestorm.com api.voicestorm.biz api.dynamicsignal.com apigateway.voicestorm.com apigateway-eu.voicestorm.com apigateway.voicestorm.biz apigateway.dynamicsignal.com streaming.voicestorm.com:* streaming-eu.voicestorm.com:* streaming.voicestorm.biz:* streaming.dynamicsignal.com:*; object-src 'none'; base-uri 'none' 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://images.unsplash.com https://www.google.fr https://api.mapbox.com *.tile.openstreetmap.org https://maps.googleapis.com https://maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://cdnjs.cloudflare.com https://maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://nominatim.openstreetmap.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; img-src https://www.proefjes.nl/images/; script-src https://www.proefjes.nl/scripts/; style-src https://www.proefjes.nl/styles/; form-action 'none'; base-uri https://www.proefjes.nl/; frame-ancestors 'none'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com www.clarity.ms code.jquery.com *.civiccomputing.com *.matomo.cloud cdn.ijsweb.com cdn-vtech-jouets.vtech.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.google.com *.google.com.hk *.gstatic.com www.youtube.com bid.g.doubleclick.net googleads.g.doubleclick.net social-sb.com static-sb.com assets.app.smart-tribune.com polyfill.io stv2-uploads-prod.s3.eu-west-3.amazonaws.com *.clic2buy.com www.actito.be fonts.googleapis.com; frame-src *.fls.doubleclick.net *.google.com *.gstatic.com api-gateway.app.smart-tribune.com www.youtube-nocookie.com *.doubleclick.net vtech-email.quicksupportlink.com *.clic2buy.com www.actito.be; frame-ancestors 'self' www.actito.be 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-SGclLZQL0XjUy5mTICLB_A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'strict-dynamic' 'nonce-xJcWxjeIdeJGuv6y9zN1RA=='; 1 form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; style-src *.googleapis.com *.postescanada-canadapost.ca *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; font-src data: *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; img-src *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com *.curalate.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; frame-src *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com youtube.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; connect-src *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com *.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; script-src *.googletagmanager.com *.google.com *.gstatic.com *.google.ca *.google-analytics.com *.googleapis.com *.hsforms.net googleadservices.com google-analytics.com paypalobjects.com *.braintreegateway.com www.paypal.com *.cardinalcommerce.com *.paypal.com *.vimeo.com *.youtube.com *.hsforms.com google-analytics.com *.postescanada-canadapost.ca *.bootstrapcdn.com *.curalate.com cdn-cookieyes.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.facebook.net *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1 font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com secure-gateway.hipay-tpp.com *.hipay.com *.weltpixel.com https://thinglink.com/ https://app.usercentrics.eu/ www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://app.usercentrics.eu/ *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com/ https://integrations.etrusted.com/ https://cdn.thinglink.me/ https://app.usercentrics.eu/ https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://fonts.googleapis.com *.hipay.com https://cdnjs.cloudflare.com https://integrations.etrusted.com/ tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.googleapis.com *.hipay.com wss://mpsnare.iesnare.com https://integrations.etrusted.com/ https://app.usercentrics.eu/ https://api.usercentrics.eu/ *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-jpP-1t_KBHzwCI9vs2ALVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.zopim.com cdn.checkout.com *.klevu.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.hotjar.com *.doubleclick.net *.epdq.co.uk *.demdex.net *.facebook.net *.facebook.com websiteintegration.source.thenbs.com business.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.eidemo.biz *.facebook.net *.facebook.com *.google.co.in *.demdex.net *.omtrdc.net maps.googleapis.com *.klevu.com *.postcodeanywhere.co.uk *.paypalobjects.com https://cm.everesttech.net *.trustpilot.com amasty.com *.ayko.com *.aqualisa.co.uk *.hubspot.com *.hsforms.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com maps.googleapis.com *.checkout.com *.aspnetcdn.com *.hotjar.com *.gatorleads.co.uk *.facebook.net *.facebook.com *.aqualisa.co.uk *.aqualisa.co.uk:8085 *.sellxed.com *.klevu.com https://bam.nr-data.net https://js-agent.newrelic.com *.pcapredict.com *.braintreegateway.com *.postcodeanywhere.co.uk *.nr-data.net *.newrelic.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com jquery.sellxed.com *.avada.io business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.klevu.com *.postcodeanywhere.co.uk *.trustpilot.com *.google.com https://optimize.google.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.google-analytics.com *.doubleclick.net *.aqualisa.co.uk *.aqualisa.co.uk:8085 *.hotjar.com *.facebook.net *.facebook.com *.demdex.net https://bam.nr-data.net *.postcodeanywhere.co.uk *.amcglobal.sc.omtrdc.net *.hotjar.io *.trustpilot.com *.klevu.com *.nr-data.net *.ksearchnet.com *.hubspot.com https://get.geojs.io *.avada.io business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'nonce-DxJzkwcQWKR_kycDS_ItnQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: newassets.hcaptcha.com www.statcounter.com www.google.ca *.gstatic.com cdn.statuspage.io *.facebook.net app.trustev.com *.snapchat.com www.google.com js.hcaptcha.com z8sh6nsldxtk.statuspage.io use.fontawesome.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net sc-static.net google.com *.facebook.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.croapp.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.mercadopago.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com fonts.gstatic.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.zopim.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.magerocket.com *.gocuotas.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.addthis.com *.doubleclick.com *.getblue.io *.addtoany.com *.magerocket.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.storydots.app storydots.app *.magerocket.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.aptrinsic.com *.facebook.net *.facebook.com *.zopim.com *.zdassets.com *.embluemail.com *.getblue.io *.doubleclick.com *.newrelic.com *.nr-data.net *.addtoany.com *.woowup.com *.storydots.app storydots.app *.magerocket.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.facebook.com *.zopim.com *.zdassets.com *.doubleclick.com *.nr-data.net *.storydots.app storydots.app *.magerocket.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe *.gocuotas.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.google.com/ www.googletagmanager.com *.yotpo.com *.sendcloud.sc *.jsdelivr.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com https://static.buckaroo.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com flagpedia.net *.yotpo.com *.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com polyfill.io https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com *.yotpo.com *.sendcloud.sc *.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com *.yotpo.com *.sendcloud.sc *.jsdelivr.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net www.gstatic.com maps.googleapis.com *.yotpo.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-ufw8aBzGLtR0odyrZF80mA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'strict-dynamic' 'nonce-+6nFjyrFl/nMzBuUpZ72fg=='; 1 font-src *.sagepay.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.sagepay.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com *.dotdigital-pages.com *.dotdigital.com *.online-metrix.net pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.afd.co.uk www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com *.afd.co.uk testflex.cybersource.com flex.cybersource.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.online-metrix.net pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com thm.visa.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' api.tiles.mapbox.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; style-src 'self' api.tiles.mapbox.com cache.addthiscdn.com https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-0QyKQOYt2TEUMgKPzYTY0A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.facebook.net *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cc.cdn.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://reports.hrmdirect.com https://*.etcconnect.com;style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://reports.hrmdirect.com https://www.highend.com https://fonts.googleapis.com https://*.etcconnect.com;object-src 'none';img-src 'self' data: https://www.google-analytics.com https://www.facebook.com https://*.etcconnect.com;report-uri /Handlers/CspReports.ashx?type=REPORTONLY; 1 upgrade-insecure-requests; default-src 'self' https://*.motorcar.com https://*.ebizautos.media; img-src *; script-src 'self' 'unsafe-inline' *; font-src *; media-src *; frame-src *; manifest-src 'self'; style-src 'self' 'unsafe-inline' *; connect-src https://*; object-src 'none'; worker-src 'none'; base-uri 'self'; report-uri https://ebizautos.report-uri.com/r/t/csp/reportOnly; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.digitalriverws.com landofcoder.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://ui1.img.digitalrivercontent.net *.alothemes.com *.magepow.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://js.digitalriverws.com landofcoder.com *.alothemes.com *.magepow.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://js.digitalriverws.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io landofcoder.com *.alothemes.com *.magepow.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.afterpay.com https://site-assets.afterpay.com/ *.trackedlink.net flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net app.zinrelo.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com *.gstatic.com maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ *.squarecdn.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: maxcdn.bootstrapcdn.com https://geowidget.easypack24.net 'self' data: fonts.bunny.net admor.co data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl paywall.imoje.pl process.paypo.pl eblik.pl javascript admor.co 'self' 'unsafe-inline'; frame-ancestors admor.co 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://geowidget-app.inpost.pl/ admor.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://images.unsplash.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: scontent-waw1-1.cdninstagram.com www.google.pl scontent-fra5-2.cdninstagram.com scontent-fra5-1.cdninstagram.com scontent-fra3-2.cdninstagram.com scontent.cdninstagram.com scontent-vie1-1.cdninstagram.com us-ms.gr-cdn.com scontent-fra3-1.cdninstagram.com data.imoje.pl www.google.co.uk www.google.com.tr www.google.hu www.przelewy24.pl pagead2.googlesyndication.com www.admor.co admor.co *.google.pl *.gr-cdn.com *.googleadservices.com *.google-analytics.com *.cdninstagram.com *.imoje.pl embedsocial.com *.embedsocial.com *.googlesyndication.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.google.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org ga.getresponse.com www.google.com code.jquery.com cdnjs.cloudflare.com admor.co *.apptrian.com *.facebook.com *.getresponse.com *.gr-cdn.com *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com fonts.cdnfonts.com cdnjs.cloudflare.com geowidget.inpost.pl admor.co fonts.bunny.net *.cookiefirst.com *.embedsocial.com embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline'; object-src admor.co none 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.zopim.com https://geowidget.easypack24.net data admor.co *.google.pl *.google.com *.googlesyndication.com 'self' 'unsafe-inline'; manifest-src admor.co 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.clarity.ms *.facebook.com *.datatrics.com https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io region1.analytics.google.com ga2.getresponse.com graph.instagram.com analytics.pangle-ads.com adservice.google.com ts.getresponse.pl popups1-show.getresponse.com popups1-s.getresponse.com www.google.gr data service.gstatic-cache.com d2pky5fwbi4lk0.cloudfront.net www.google.hr admor.co *.instagram.com *.getresponse.com *.google.pl google.pl google.com *.google.com *.pangle-ads.com *.getresponse.pl *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tiktok.com *.apptrian.com *.get.geojs.io *.cookiefirst.com embedsocial.com *.embedsocial.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com admor.co http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com admor.co 'self' 'unsafe-inline' 'unsafe-eval'; base-uri admor.co 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com https://*.cookiebot.com https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ https://h.online-metrix.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net *.googletagmanager.com *.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.de https://services.postcodeanywhere.co.uk https://*.cookiebot.com *.hsforms.net *.hsforms.com https://dildoking.de https://*.dildoking.de https://*.cloudfront.net https://static.unzer.com *.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg https://www.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com jsd-widget.atlassian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.cookiebot.com https://rec.smartlook.com https://click11202.pcapredict.com https://services.postcodeanywhere.co.uk *.hsforms.net *.hsforms.com https://js-agent.newrelic.com https://*.channeladvisor.com https://*.payments-amazon.com https://bam.nr-data.net https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com https://h.online-metrix.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://static.klaviyo.com https://services.postcodeanywhere.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com jsd-widget.atlassian.com api-private.atlassian.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://clickpool.tt.omtrdc.net https://*.cookiebot.com https://*.smartlook.cloud https://googleads.g.doubleclick.net https://services.postcodeanywhere.co.uk t.elasticsuite.io *.hsforms.net *.hsforms.com https://*.paypal.com https://*.amazon.com https://bam.nr-data.net https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com https://h.online-metrix.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.klevu.com *.hotjar.com *.typekit.net *.reviews.io *.cloudfront.net *.topfurniture.co.uk *.icomoon.io *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net *.ksearchnet.com *.fontawesome.com *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.googlesyndication.com *.hotjar.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.nosto.com *.nos.to *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.reviews.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.google.com/ *.hotjar.com *.addthis.com *.pinterest.com *.reviews.io *.paypalobjects.com *.finance-calculator.co.uk *.stripe.com *.opayo.eu.elavon.com *.klarna.com *.nosto.com *.nos.to *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.bing.com *.klevu.com *.clarity.ms *.reviews.io *.norton.com *.onetrust.com *.pinterest.com *.cloudfront.net *.klarnacdn.net *.google.co.uk *.topfurniture.co.uk t.co *.twitter.com https://images.unsplash.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.ksearchnet.com *.nosto.com *.nos.to *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com *.bing.com *.klevu.com *.nosto.com *.hotjar.com *.pinimg.com *.tiktok.com *.addthis.com *.moatads.com *.clarity.ms *.onetrust.com *.zdassets.com *.cloudflare.com *.pcapredict.com *.klarnacdn.net *.reviews.io *.trustpilot.com *.addthisedge.com *.trackedlink.net *.topfurniture.co.uk *.reviews.co.uk *.postcodeanywhere.co.uk static.ads-twitter.com *.stripe.com *.opayo.eu.elavon.com *.klarna.com *.klarnaservices.com js.klevu.com *.ksearchnet.com s7.addthis.com *.avada.io *.nos.to 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com data: *.klevu.com *.myfonts.net *.typekit.net *.cloudfront.net *.reviews.io *.topfurniture.co.uk *.reviews.co.uk *.postcodeanywhere.co.uk *.icomoon.io *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net *.ksearchnet.com *.fontawesome.com *.nosto.com *.nos.to 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.topfurniture.co.uk 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.bing.com *.zopim.com *.hotjar.com *.tiktok.com *.clarity.ms topfurnitureltd.zendesk.com *.onetrust.com *.zdassets.com *.hotjar.io *.pinterest.com wss://widget-mediator.zopim.com *.postcodeanywhere.co.uk *.reviews.io *.topfurniture.co.uk *.reviews.co.uk *.playground.klarnaevt.com google.com *.stripe.com *.paypal.com *.opayo.eu.elavon.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.klevu.com *.ksearchnet.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.nosto.com *.nos.to *.cloudfront.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.feedbackcompany.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.feedbackcompany.com https://*.tawk.to https://www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://*.tawk.to https://*.doubleclick.net https://www.facebook.com https://assets.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.feedbackcompany.com 'self' data: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.linkedin.com https://*.tawk.to https://bat.bing.com https://c.bing.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://tawk.link https://www.google.nl https://www.facebook.com https://i.pinimg.com https://log.pinterest.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d2a6mddvzruxpc.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://*.hotjar.com https://*.tawk.to https://bat.bing.com https://connect.facebook.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://snap.licdn.com https://script.adcalls.nl https://www.clarity.ms https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://assets.pinterest.com https://widgets.pinterest.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://components.vanhelden.nl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.tawk.to https://cdn.jsdelivr.net https://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://*.tawk.to https://v.pinimg.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.feedbackcompany.com bam.nr-data.net bam-cell.nr-data.net http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.analytics.google.com https://*.clarity.ms https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://api.adcalls.nl https://bat.bing.com https://cdn.linkedin.oribi.io https://fonts.gstatic.com https://www.facebook.com wss://*.hotjar.com wss://*.tawk.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://components.vanhelden.nl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-gcGNPimP9ygf94SRecjUQQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-BvFBvLRaZpIY1hsy936C5A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src 'self' dc.services.visualstudio.com *.vo.msecnd.net js.monitor.azure.com *.google-analytics.com financereports.ipcoop.com content.ipcoop.com; default-src 'self' data: *.dataweavers.io www.googletagmanager.com *.google-analytics.com financereports.ipcoop.com content.ipcoop.com; font-src 'self' fonts.gstatic.com *.dataweavers.io content.ipcoop.com hello.myfonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com dc.services.visualstudio.com *.vo.msecnd.net js.monitor.azure.com data: *.dataweavers.io blob: financereports.ipcoop.com content.ipcoop.com unpkg.com ipcoop.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.dataweavers.io financereports.ipcoop.com content.ipcoop.com hello.myfonts.net; 1 object-src 'none';base-uri 'self';script-src 'nonce-Qgo3OdBjaXsrKPP_BhJr6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: https://surveys-static.survicate.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com mldp.mercadopago.com www.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com https://agentcore.s3.amazonaws.com https://www.google.com.ar https://c.clarity.ms https://c.bing.com https://www.mercadolivre.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mlstatic.com https://www.google.com.ar *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com https://cdn.agentbot.net https://agentcore.s3.amazonaws.com https://www.googleoptimize.com https://www.clarity.ms https://survey.survicate.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://agentcore.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com performance.typekit.net commerce.adobe.net api.comapi.com bam.nr-data.net *.mercadopago.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com https://stats.g.doubleclick.net https://adapter.aivo.co https://i.clarity.ms https://f.clarity.ms https://www.facebook.com https://www.mercadopago.com.mx https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script';report-uri /_/ShoppingUi/cspreport 1 object-src 'none';base-uri 'self';script-src 'nonce-Do8FNVxCFzeUbTYcu4K6qQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com data: cdn.checkout.com *.postcodeanywhere.co.uk *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.securetrading.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.google.com *.trustpilot.com *.checkout.com *.cookiebot.com *.postcodeanywhere.co.uk *.securetrading.net *.doubleclick.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.google.com *.google.co.uk *.zopim.com *.doubleclick.net *.gstatic.com d23yuld0pofhhw.cloudfront.net *.googletagmanager.com *.postcodeanywhere.co.uk *.bing.com *.zdassets.com *.googleapis.com *.lsengineers.co.uk *.google.co.in https://placehold.it *.ayko.com gardenhirespares.co.uk *.placeholder.com placeholder.com http://via.placeholder.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googletagmanager.com *.googlecommerce.com *.doubleclick.net *.trustpilot.com *.zopim.com *.zdassets.com *.payments-amazon.com *.amazon.com *.local.com *.googleapis.com *.checkout.com *.pcapredict.com *.trackedweb.net *.cookiebot.com *.adyen.com *.postcodeanywhere.co.uk *.mouseflow.com *.newrelic.com *.nr-data.net *.bing.com *.zendesk.com *.googleadservices.com *.securetrading.net *.zonos.com *.iglobalstores.com *.cookiefirst.com https://unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.fontawesome.com *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk *.bootstrapcdn.com *.cookiefirst.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.amazon.com 'self' wss: *.checkout.com *.trackedweb.net *.postcodeanywhere.co.uk *.google-analytics.com *.doubleclick.net *.nr-data.net *.zendesk.com *.zonos.com *.googleapis.com *.bing.com *.cookiefirst.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com https://www.correios.com.br 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com www.facebook.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com www.youtube.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.mlstatic.com *.mercadopago.com *.pagseguro.com.br maps.googleapis.com cdn.ampproject.org www.gstatic.com connect.facebook.net www.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com www.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com https://ws.correios.com.br cdn.ampproject.org 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fa2ccg.acquire.io www.dkvdirecto.com static.acquire.io *.dkvseguros.com www.google.es www.dkvdirect-on.com rum-static.pingdom.net region1.analytics.google.com www.googletagmanager.com www.google.com.pe analytics.google.com *.googleapis.com *.doubleclick.net rum-collector-2.pingdom.net areadelcliente.dkvdirect-on.com *.gstatic.com wss://fa2ccg.acquire.io cdn.cookie-script.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://geowidget.easypack24.net *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com secure.payu.com merch-prod.snd.payu.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.google.pl https://static.paynow.pl https://geowidget.easypack24.net https://osm.inpost.pl static.payu.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://unpkg.com https://cdn.jsdelivr.net https://api.mapbox.com https://geowidget.easypack24.net secure.payu.com secure.snd.payu.com *.snrbox.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://geowidget.easypack24.net *.snrcdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://stats.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://api-shipx-pl.easypack24.net secure.payu.com merch-prod.snd.payu.com *.snrbox.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' marpax.com.br *.marpax.com.br marpax.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.mercadopago.com *.mlstatic.com *.smarthint.co *.conectiva.io *.sunset.systems *.cartstack.com.br *.app.cartstack.com *.performa.ai *.cupom.social *.conectiva.app conectiva.io app.conectiva.io vm.conectiva.io conectiva.app api.performa.ai valid.performa.ai cartstack.com.br app.cartstack.com.br api.cartstack.com.br sunset.systems api.sunset.systems cupom.social app.cupom.social cdn.performa.ai googleads.g.doubleclick.net connect.facebook.net *.facebook.net *.g.doubleclick.net eficazmarketing.com *.google.com.br *.googleadservices.com *.tiktok.com *.fbitsstatic.net marpax.fbitsstatic.net google.es analytics.tiktok.com *.google.es *.eficazmarketing.com googletagmanager.com *.googletagmanager.com *.mailclick.me *.s3.amazonaws.com *.movidesk.com *.global-cache.online *.pangle-ads.com *.yviews.com.br *.ecmacore.com *.co.uk *.google.com *.google.de *.clearsale.com.br *.fbits.net *.google-analytics.com analytics.pangle-ads.com s.pinimg.com *.pinimg.com facebook.com *.facebook.com *.googlesyndication.com *.pinterest.com *.doubleclick.net *.clarity.ms *.hotjar.com *.bing.com *.pn.vg *.hertzen.com *.lomadee.com *.online-metrix.net *.bonifiq.com.br *.properties *.pagespeed-mod.com *.com.py *.conoret.com *.nr-data.net *.w88p9x.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.marpax.com.br marpax.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' mpozenato.com.br *.mpozenato.com.br MPozenato.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com cloudflare.com doubleclick.net linximpulse.net crazyegg.com retargeter.com.br googleadservices.com mlstatic.com shopconvert.com.br hotjar.com hotjar.io smarthint.co ebit.com.br viptarget.com.br mercadopago.com shoptarget.com.br directtalk.com.br googleapis.com shopback.net montacasa.com.br *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.shopconvert.com.br *.hotjar.com *.hotjar.io *.smarthint.co *.googleadservices.com *.mlstatic.com *.crazyegg.com *.retargeter.com.br *.cloudflare.com *.doubleclick.net *.linximpulse.net *.mercadopago.com *.shoptarget.com.br *.ebit.com.br *.viptarget.com.br *.montacasa.com.br *.directtalk.com.br *.googleapis.com *.shopback.net wss://signalr.fbits.net gstatic.com k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br track.omguk.com *.omguk.com *.lomadee.com *.vendavalida.com.br dzpxyxks1bfmb.cloudfront.net s.pinimg.com *.pinimg.com receiver.posclick.dinamize.com *.posclick.dinamize.com ct.pinterest.com *.pinterest.com d3u0jcwe5p7qrc.cloudfront.net d2rp1k1dldbai6.cloudfront.net cybba-bucket.s3.amazonaws.com storage.googleapis.com *.amazon-adsystem.com *.s3.amazonaws.com *.cybba.solutions *.rtb123.com *.cybba.us *.adnxs.com *.stackadapt.com *.adsrvr.org *.facebook.net *.enviou.com.br *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net koinprod.azurewebsites.net payments.koin.com.br koinhomolog.azurewebsites.net *.blob.core.windows.net *.g2afse.com rankmediabrasil.g2afse.com *.cloudfront.net samuraiexpertsstorage.blob.core.windows.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.mpozenato.com.br mpozenato.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 default-src 'self' data: *.youtube.com *.testimonial.to *.stripe.com unpkg.com *.cloudflare.com *.datatables.net *.recurly.com *.facebook.net *.facebook.com *.trychameleon.com *.googleapis.com *.gstatic.com *.app-us1.com *.trackcmp.net *.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.sentry-cdn.com *.sentry.io *.hubspot.com *.hubapi.com cdn-cookieyes.com *.cookieyes.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.com *.hotjar.com;script-src 'nonce-KpmRntCdG12CLFaSUe8eyYH' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http:;style-src * 'unsafe-inline';object-src 'self';img-src * data:;font-src * data:;report-uri https://myconsultation.report-uri.com/r/d/csp/reportOnly 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * https://s7.addthis.com z.moatads.com *.google.com/ https://player.vimeo.com https://www.youtube-nocookie.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net *.gstatic.com *.googleapis.com www.apptrian.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.omappapi.com https://www.magezon.com https://redchamps.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://s7.addthis.com api.cartstack.com z.moatads.com acsbapp.com a.omappapi.com v1.addthisedge.com m.addthis.com api-public.addthis.com static.hotjar.com static.doubleclick.net script.hotjar.com tools.luckyorange.com *.google.com/ https://player.vimeo.com https://www.youtube.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com a.omappapi.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io cdn.ampproject.org *.googleapis.com www.apptrian.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com cdn.acsbapp.com api.omappapi.com api-public.addthis.com stats.g.doubleclick.net in.hotjar.com wsp34.hotjar.com content.hotjar.io m.addthis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' seustillo.com.br *.seustillo.com.br seustillo.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com tagmanager.google.com business.facebook.com analytics.google.com *.googleadservices.com *.g.doubleclick.net *.*rdstation.com.br *.rdstation.com.br popups.rdstation.com.br static.i-goal.com.br analytics.i-goal.com.br *.mimo.com.br assets-shorts.mimo.com.br *.shorts.mimo.com.br *.fbits.store analytics.tiktok.com *.tiktok.com *.adyen.com *.googleapis.com *.google.com *.google.com* *.googleapis.com* *.i-goal.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.seustillo.com.br seustillo.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ https://plumrocket.com *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.google.com/ releva.ai https://www.googletagmanager.com tagmanager.google.com *.cloudflare.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io releva.ai localhost https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com data: *.adbr.io maxcdn.bootstrapcdn.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.feedaty.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.trustpilot.com *.criteo.com *.criteo.net *.cookiebot.com youtu.be *.adbr.io *.hotjar.com smct.co *.privacy-center.org *.awin1.com *.zenaps.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.de *.google.it *.bing.com *.adbr.io *.adabra.com *.ytimg.com *.twiago.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.mediavine.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.yieldlab.net *.adform.net *.omnitagjs.com *.criteo.com id5-sync.com *.smartclip.net *.tremorhub.com *.yieldmo.com *.krxd.net *.thebrighttag.com *.feedaty.com *.awin1.com *.zenaps.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com maps.gstatic.com ts.tradetracker.net www.magmodules.eu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ *.google.com *.magento-ds.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.trustpilot.com *.criteo.com *.criteo.net *.cookiebot.com bam.nr-data.net *.google.de *.google.it *.bing.com *.unpkg.com *.adbr.io *.kk-resources.com *.mndtrk.com pushpad.xyz *.solocpm.com *.feedaty.com smct.co *.hotjar.com *.smct.io *.privacy-center.org *.convertful.com *://the.sciencebehindecommerce.com *.zenaps.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com *.clarity.ms tm.tradetracker.net tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.unpkg.com unpkg.com *.adbr.io *.feedaty.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.typekit.net *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com bam.nr-data.net *.doubleclick.net *.trustpilot.com *.adbr.io *.googlesyndication.com *.cookiebot.com pushpad.xyz *.feedaty.com *.smct.io *.amazonaws.com smct.co *.privacy-center.org *.convertful.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.clarity.ms 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk *.fontawesome.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com *.doubleclick.net *.facebook.com *.svea.com kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk *.klarna.com *.trustpilot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googleusercontent.com *.cloudfront.net kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk *.dibs.se *.clarity.ms *.bing.com *.klarna.com *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.sandbox.paypal.com t.paypal.com polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://*.dibspayment.eu *.ehandelscertifiering.se g1782759015.co *.svea.com *.cloudflare.com googletagmanager.com *.fontawesome.com apis.google.com graph.facebook.com bat.bing.com clickcease.com googleadservices.com *.clarity.ms *.cloudfront.net kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk *.klarna.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.avada.io *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk *.fontawesome.com https://static.klaviyo.com *.trustpilot.com 'self' 'unsafe-inline'; object-src kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk 'self' 'unsafe-inline'; media-src *.adobe.com kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com sentry.io www.googleadservices.com *.doubleclick.net *.clarity.ms *.cloudfront.net kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk *.klarnaevt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.svea.com *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.facebook.net *.trustpilot.net *.cdninstagram.com *.cdn.mymall.se *.google.com.bd *.google.se kakegiganten-1efc4.kxcdn.com media.kakelgiganten.se static.kakelgiganten.se static.kakelgiganten.dk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com/ https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com fonts.gstatic.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl addtoany.com bam.eu01.nr-data.net https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.youtube.com https://www.instagram.com pay.google.com https://geowidget-app.inpost.pl/ *.addtoany.com bam.eu01.nr-data.net https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.facebook.com https://www.google.de https://www.google.en https://www.google.pl https://www.google.com.ua https://www.google.com static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net https://meetanshi.com/media/logo.png data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleservices.com https://v2.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://connect.facebook.net https://region1.google-analytics.com https://analytics.google.com https://www.instagram.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://ipinfo.io *.avada.io *.fontawesome.com *.googleapis.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://consent.cookiefirst.com https://www.google.com https://www.gstatic.com https://fast.fonts.net https://secure.przelewy24.pl https://edge.cookiefirst.com https://api.cookiefirst.com fonts.googleapis.com *.googleapis.com *.addtoany.com https://geowidget.easypack24.net https://geowidget.inpost.pl 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com https://widget-mediator.zopim.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://api.cookiefirst.com https://www.facebook.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com https://get.geojs.io *.avada.io http://dpm.demdex.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.addtoany.com bam.eu01.nr-data.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.googletagmanager.com *.facebook.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com static.afterpay.com/ *.squarecdn.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://widgets.trustedshops.com fonts.gstatic.com *.zohocdn.com *.zoho.eu data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.luznegra.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com cdn.doofinder.com validate.fishpig.co.uk *.zohostatic.eu *.zoho.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.zohocdn.com *.google.es *.gstatic.com *.googleapis.com *.sharethis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.avada.io *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.zohostatic.eu *.jsdelivr.net *.facebook.net *.facebook.com *.doubleclick.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.zohocdn.com *.zoho.eu *.googleapis.com *.sharethis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com *.zohostatic.eu *.jsdelivr.net *.facebook.net *.facebook.com *.doubleclick.net/ unsafe-inline https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com *.zohocdn.com *.zoho.eu *.googleapis.com 'self' 'unsafe-inline'; object-src *.luznegra.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io *.google-analytics.com https://www.google-analytics.com *.zohopublic.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.analytics.google.com *.googletagmanager.com *.zoho.eu *.googleapis.com *.sharethis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' 3vsNutrition.com.br *.3vsNutrition.com.br 3vs.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com doubleclick.net cloudflare.com googlesyndication.com googleadservices.com mlstatic.com yapay.com.br traycheckout.com.br online-metrix.net microsofttranslator.com smarthint.co taboola.com hertzen.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.traycheckout.com.br *.online-metrix.net *.microsofttranslator.com *.smarthint.co *.doubleclick.net *.googleadservices.com *.mlstatic.com *.yapay.com.br *.cloudflare.com *.googlesyndication.com *.taboola.com *.hertzen.com wss://signalr.fbits.net app.shoptarget.com.br *.linximpulse.net *.shopback.net *.shopconvert.com.br *.shoptarget.com.br *.ckies.net *.clearsale.com.br *.mercadopago.com k-analytix.com *.k-analytix.com i.konduto.com linximpulse.net chaordicsystems.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.g-static.co *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.3vsNutrition.com.br 3vsNutrition.com.br; report-uri https://pub-csp.fbits.net/346bc2b4-c3db-415b-925d-565cca70dd74; report-to https://pub-csp.fbits.net/346bc2b4-c3db-415b-925d-565cca70dd74 1 font-src 'self' data: cdn.jsdelivr.net *.googleapis.com *.gstatic.com *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com fonts.gstatic.com *.doubleclick.net *.facebook.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://player.vimeo.com/ *.google.com https://googleads.g.doubleclick.net/ https://www.google.nl/ consentcdn.cookiebot.com consentcdn.cookiebot.eu https://ct.pinterest.com/ *.doubleclick.net *.facebook.com *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.doubleclick.net 'self' data: *.googleapis.com *.gstatic.com cdn.jsdelivr.net *.tawk.to tawk.link *.facebook.com *.gravatar.com https://imgsct.cookiebot.com/1.gif https://ct.pinterest.com/v3/* maps.googleapis.com maps.gstatic.com *.google.com *.google.bg *.facebook.net *.googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com https://www.gstatic.com/ cdn.jsdelivr.net *.tawk.to player.vimeo.com http://player.vimeo.com/api/player.js chimpstatic.com https://connect.facebook.net/ https://webchat.saysimple.io/ *.smooch.io https://cdn.pixibo.com/ consent.cookiebot.com consent.cookiebot.eu https://s.pinimg.com/ct/lib/main.742e9fad.js https://s.pinimg.com/ct/core.js https://ct.pinterest.com/static/ct/token_create.js maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.jsdelivr.net *.tawk.to https://webchat.saysimple.io/ fonts.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com maxcdn.bootstrapcdn.com *.multisafepay.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com https://vimeo.com/api/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com 'self' data: *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com/ *.paypal.com *.tawk.to 'self' ws: https://stats.g.doubleclick.net/ https://webchat.saysimple.io/ *.smooch.io *.gravatar.com https://*.pixibo.dev/ consentcdn.cookiebot.com consentcdn.cookiebot.eu https://ct.pinterest.com/* https://ct.pinterest.com/v3/* https://ct.pinterest.com/user/* *.facebook.com *.facebook.net *.google.com *.multisafepay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com www.w3.org *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.addthis.com *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.pinterest.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org blob: *.pinterest.com *.gstatic.com *.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.facebook.com *.pinterest.com *.tumblr.com *.google.com *.gstatic.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maps.googleapis.com www.google.com www.gstatic.com maps.gstatic.com fonts.googleapis.com www.w3.org *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addthis.com/ *.moatads.com *.addthisedge.com m.addthis.com api-public.addthis.com *.addtoany.com *.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: *.cloudflare.com *.listrakbi.com *.twitter.com *.typekit.net *.googleapis.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.authorize.net *.klevu.com fonts.gstatic.com *.googletagmanager.com *.pinterest.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.listrakbi.com *.turnto.com *.pixlee.co *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.twitter.com *.listrakbi.com *.turnto.com *.pixlee.co *.google.com *.paypal.com *.livechatinc.com *.addtoany.com *.resellerratings.com *.videoly.co *.youtube-nocookie.com *.authorize.net *.addthis.com *.klevu.com *.googletagmanager.com *.pinterest.com *.weltpixel.com *.google.com.ua *.google.co.uk https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.listrakbi.com *.edgecastcdn.net *.klarna.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.paypal.com *.ytimg.com *.paypalobjects.com *.a2z.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.espssl.com *.videoly.co *.magentocommerce.com *.klevu.com certify.alexametrics.com *.googletagmanager.com *.gunbuyer.com *.pinterest.com *.google.com.ua *.google.co.uk *.doubleclick.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.listrakbi.com *.credova.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.google.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.cloudflareinsights.com *.addtoany.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.youtube.com *.youtube-nocookie.com *.authorize.net *.klevu.com certify-js.alexametrics.com *.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.pinterest.com s7.addthis.com *.google.com.ua *.google.co.uk *.doubleclick.net https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.cloudflare.com *.googleapis.com *.listrakbi.com *.gstatic.com *.typekit.net *.fontawesome.com *.livechatinc.com *.turnto.com *.pixlee.co *.resellerratings.com *.videoly.co *.authorize.net *.klevu.com fonts.googleapis.com *.googletagmanager.com *.pinterest.com data: maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.listrakbi.com *.twitter.com *.paypal.com *.livechatinc.com *.turnto.com *.credova.com *.pixlee.co *.resellerratings.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.videoly.co *.authorize.net *.klevu.com *.googletagmanager.com *.pinterest.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.floridagunexchange.com/; report-to report-endpoint; 1 upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 1 default-src https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; script-src 'nonce-c7bf5a5db301492f9a4b5b6558a54303' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; style-src 'self' 'nonce-c7bf5a5db301492f9a4b5b6558a54303' https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; img-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://*.ytimg.com; media-src 'self' data: https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net https://*.twimg.com https://player.twitch.tv/ https://www.youtube.com https://youtube.com https://*.googlevideo.com; frame-src https://www.youtube.com https://youtube.com https://*.googlevideo.com https://*.twimg.com https://player.twitch.tv/ https://*.amazon.com https://*.media-amazon.com https://*.ssl-images-amazon.com https://*.amazon-adsystem.com https://*.twitch.tv https://*.amazongames.com https://*.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazongamestudios.d2.sc.omtrdc.net https://*.viddler.com https://*.ctfassets.net https://chat.amazon.eu https://chat.amazon.co.jp https://sentry.amazongames.com https://d13pe3bn1jpqwf.cloudfront.net; report-uri https://www.amazon.com/1/batch/2/OE/mid=ATVPDKIKX0DER:sid=131-1454339-7402149:rid=36DAEAB5A47545F8A86A:sn=www.amazongames.com 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.licdn.com survalyzer.survalyzer.swiss *.googleapis.com *.adsrvr.org *.mktoresp.com c.az.contentsquare.net nexus.ensighten.com *.azureedge.net www.needco.com analytics.formstack.com p.brsrvr.com digitalcontentcenter.compas.siemens-info.com www.google.com runtimeapi.survalyzer-swiss.app k-us1.az.contentsquare.net *.gstatic.com www.stelpro.com dc.services.visualstudio.com *.linkedin.com files.survalyzer.swiss media.distributordatasolutions.com t.contentsquare.net *.doubleclick.net munchkin.marketo.net ideadigitalasset.com *.marketo.com *.facebook.com www.ideadigitalcontent.com *.cloudfront.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src consent.cookiefirst.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com consent.cookiefirst.com *.alothemes.com *.magepow.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consent.cookiefirst.com *.avada.io *.alothemes.com *.magepow.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com consent.cookiefirst.com *.fontawesome.com *.alothemes.com *.magepow.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de consent.cookiefirst.com edge.cookiefirst.com api.cookiefirst.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1 font-src *.yotpo.com *.googleapis.com *.gstatic.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://www.magezon.com https://www.mollie.com *.yotpo.com dhv2ziothpgrr.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ js.mollie.com www.youtube.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com d18eg7dreypte5.cloudfront.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.yotpo.com *.googleapis.com dhv2ziothpgrr.cloudfront.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de cdn.plyr.io noembed.com *.yotpo.com dhv2ziothpgrr.cloudfront.net *.smsbump.com 7kgd3hs1oh.execute-api.us-east-1.amazonaws.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-tZea_BUNDy716njrH4Ws0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 report-uri //report-csp-violation 1 font-src cdn.jsdelivr.net fonts.gstatic.com *.klarnacdn.net *.gstatic.com https://widgets.trustedshops.com *.almapay.com https://integrations.etrusted.com *.fontawesome.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://s.pinimg.com/ https://www.gstatic.com/ *.nr-data.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.klarna.com consentcdn.cookiebot.com *.pinterest.com *.facebook.com widgets.gutgemacht.at *.google.com/ *.iadvize.com *.doubleclick.net service.moebel.de *.combeenation.com www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com *.googleadservices.com *.google-analytics.com bat.bing.com app.usercentrics.eu *.pinterest.com c.clarity.ms c.bing.com widgets.trustedshops.com *.googletagmanager.com *.wkoecg.at *.lamodula.at https://widgets.trustedshops.com *.iadvize.com *.lamodula.de *.doubleclick.net *.google.com *.google.de *.google.at dev.visualwebsiteoptimizer.com https://integrations.etrusted.com 'self' data: imgsct.cookiebot.com *.visualwebsiteoptimizer.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com cdn.jsdelivr.net jquery.sellxed.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.googlesyndication.com *.authorize.net *.bing.com *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.clarity.ms *.doubleclick.net *.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.iadvize.com *.paypal.com *.paypalobjects.com *.pinimg.com https://s.pinimg.com/ *.trustedshops.com *.usercentrics.eu consent.cookiebot.com code.jquery.com *.newrelic.com *.nr-data.net stats.lamodula.at metric.lamodula.at integrations.etrusted.com dev.visualwebsiteoptimizer.com s7.addthis.com service.moebel.de *.combeenation.com https://widgets.trustedshops.com https://integrations.etrusted.com consentcdn.cookiebot.com www.youtube.com *.mouseflow.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.klarnacdn.net *.googleapis.com *.gstatic.com *.pinimg.com *.trustedshops.com *.iadvize.com https://widgets.trustedshops.com https://integrations.etrusted.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.googlesyndication.com *.cardinalcommerce.com *.clarity.ms *.demdex.net *.facebook.com *.google-analytics.com *.iadvize.com *.pinterest.com *.trustedshops.com *.usercentrics.eu eu.playground.klarnaevt.com eu.klarnaevt.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com *.nr-data.net bat.bing.com *.lamodula.at *.lamodula.de *.doubleclick.net *.google.com *.google.de integrations.etrusted.com ekr.zdassets.com/ *.etrusted.com t.elasticsuite.io consentcdn.cookiebot.com cdn.plyr.io noembed.com *.visualwebsiteoptimizer.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src images.latitudepayapps.com imageapi.magebinary.co.nz *.klarnacdn.net *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ *.klarnacdn.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Pa_FLZXb-PwxZm8rd_tcIg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ *.fontawesome.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.zendesk.com *.twitter.com *.facebook.com *.zopim.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://test-api.viedu.org https://api.viedu.org https://test-launchpad.viedu.org https://launchpad.viedu.org https://luau-api.dev.viedu.org https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.sharethis.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://api.vistaordering.org/ https://uat-api.vistaordering.org/ *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bookshark.com *.sonlight.com *.gstatic.com *.zdassets.com https://widget-mediator.zopim.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.zdassets.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.zendesk.com *.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.addtoany.com *.calendly.com https://calendly.com/ https://app.viralsweep.com https://edge.addthis.com https://cdn.datatables.net *.addthis.com *.klaviyo.com *.pinterest.com *.sonlightconnections.com https://c.sharethis.mgr.consensu.org/ https://anchor.fm https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.zdassets.com *.chimpstatic.com chimpstatic.com *.zendesk.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.cdninstagram.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://a1.b0e8.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://px.steelhousemedia.com/ https://match.sharethrough.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com store.paradoxlabs.com *.fbcdn.net maps.googleapis.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com ajax.googleapis.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com https://vimeo.com *.instagram.com wss://*.zopim.com *.zdassets.com *.zendesk.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.api.sonlight.com *.api2.sonlight.com *.braintree-api.com *.pinterest.com https://js-agent.newrelic.com/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.nr-data.net *.calendly.com https://calendly.com/ https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://cdn.bc0a.com/ https://cdn1.b0e8.com/ https://dx.mountain.com/ https://px.mountain.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com cdn.dnky.co webchat.dotdigital.com fonts.googleapis.com api2-staging.inquisicorp.com api2.sonlight.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.zdassets.com *.zendesk.com *.chimpstatic.com chimpstatic.com *.addtoany.com *.pinterest.com https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://tr.snapchat.com/ https://static.klaviyo.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bookshark.com *.sonlight.com *.zdassets.com *.zopim.com *.addtoany.com *.pinterest.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.vimeo.com https://vimeo.com *.libsyn.com *.blubrry.com https://widget-mediator.zopim.com/ https://alb.reddit.com/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api2-staging.inquisicorp.com *.bookshark.com *.sonlight.com *.authorize.net *.cardinalcommerce.com *.vimeo.com https://vimeo.com *.instagram.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.zdassets.com *.zendesk.com wss://*.zopim.com *.chimpstatic.com chimpstatic.com *.braintree-api.com *.braintreegateway.com *.kaptcha.com *.addtoany.com *.pinterest.com *.bam.nr-data.net https://bam.nr-data.net https://app.viralsweep.com https://cdn.datatables.net *.klaviyo.com *.sonlightconnections.com *.addthis.com https://stats.g.doubleclick.net/ https://s.pinimg.com/ https://analytics.tiktok.com/ https://sc-static.net/ *.redditstatic.com https://googleads.g.doubleclick.net/ https://tr.snapchat.com/ https://widget-mediator.zopim.com/ https://alb.reddit.com/ https://maps.googleapis.com/ https://ixfd2-api.bc0a.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com t.elasticsuite.io https://www.google-analytics.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.klaviyo.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src https://kasbah.guiabolso.com.br https://www.guiabolso.com.br https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://webchat.helpshift.com *.pn.vg *.pushnews.eu *.smrk.io 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * s7.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com js.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com s7.addthis.com m.addthis.com v1.addthisedge.com z.moatads.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klevu.com *.ksearchnet.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com s7.addthis.com m.addthis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.googletagmanager.com *.googletagmanager.com maps.googleapis.com static.cdn.prismic.io prismic.io vimeo.com https://player.vimeo.com/api/player.js https://player.vimeo.com/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com https://*.attraqt.io https://www.youtube.com/embed https://www.google-analytics.com https://*.hotjar.com/ js.stripe.com *.google.com *.google.fr https://*.facebook.net https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.facebook.com;frame-src 'self' maps.googleapis.com *.prismic.io https://player.vimeo.com/ https://www.youtube.com/ https://player.vimeo.com/ https://i.vimeocdn.com/video/ https://i.vimeocdn.com js.stripe.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com;img-src 'self' data: *;font-src 'self' data: *;connect-src 'self' https://vimeo.com/api/ *.hotjar.com maps.googleapis.com *.attraqt.io *.google.com *.doubleclick.net https://*.facebook.net https://www.googletagmanager.com wss://ws.hotjar.com https://content.hotjar.io https://www.google-analytics.com https://*.google-analytics.com *.analytics.google.com https://vc.hotjar.io https://*.facebook.com;base-uri 'self' *;report-uri /csp/report 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com 'self' data: v2.zopim.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.storyblok.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.com *.hotjar.com *.doubleclick.net https://e.issuu.com v2assets.zopim.io *.pinterest.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.storyblok.com 'self' data: *.monsoonconsulting.dev *.cloudwaysapps.com *.facebook.com api.feefo.com *.google.com *.google.ie *.google.pt *.google.fr *.google.com.br *.zopim.com *.zopim.io *.pinterest.com *.cookiepro.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.feedoptimise.com cdn.feedoptimise.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.autoaddress.ie *.storyblok.com *.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.gstatic.com *.cloudwaysapps.com *.hotjar.com connect.facebook.net api.feefo.com register.feefo.com v2.zopim.com *.klaviyo.com widget-mediator.zopim.com browser-update.org static.zdassets.com *.doubleclick.net *.googletagmanager.com *.cookiepro.com *.avada.io *.pinimg.com *.pinterest.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.storyblok.com *.googleapis.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.autoaddress.ie *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com t.elasticsuite.io *.analytics.google.com *.feefo.com ekr.zdassets.com wss://widget-mediator.zopim.com/ *.doubleclick.net *.klaviyo.com *.cookiepro.com *.google.com *.cloudwaysapps.com *.hotjar.io *.facebook.com *.zopim.com *.paypal.com *.pinterest.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: https://*.dnafactory.it https://*.dnalab.online cdnjs.cloudflare.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://*.dnafactory.it https://*.dnalab.online *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online *.feedaty.com *.google.it *.lafarmaciadelsole.it http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdn.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gestpay.net *.sella.it https://*.dnafactory.it https://*.dnalab.online cdn.clerk.io *.feedaty.com *.jivosite.com *.prezzifarmaco.it *.doubleclick.net *.smartlook.cloud *.smartlook.com openfpcdn.io *.lafarmaciadelsole.it http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com https://*.dnafactory.it https://*.dnalab.online cdnjs.cloudflare.com *.feedaty.com *.jivosite.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.dnafactory.it https://*.dnalab.online *.jivosite.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.dnafactory.it https://*.dnalab.online *.feedaty.com *.google-analytics.com *.jivosite.com *.prezzifarmaco.it *.smartlook.cloud *.smartlook.com *.lafarmaciadelsole.it http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://petdiscont.cz/ https://maps.googleapis.com/ https://www.googletagmanager.com https://widget.packeta.com/ https://widget.intime.cz/ https://ajax.googleapis.com/ *.gstatic.com https://*.mapy.cz im9.cz *.im9.cz *.youtube.com https://zoovyhodne.cz/ https://krmivazoo.cz/ https://aquazoo.cz *.seznam.cz *.google.com https://stats.g.doubleclick.net https://www.heureka.cz https://www.zbozi.cz https://c.seznam.cz https://c.imedia.cz https://www.google-analytics.com *.facebook.net; report-uri /reportCSP.php 1 font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com www.xtento.com *.klarna.com *.resurs.com *.vimeo.com *.google.com *.googletagmanager.com *.chatbotize.com *.cookieinformation.com *.trustpilot.com *.viabill.com *.doubleclick.net *.getzowie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.xtento.com cdn.xtento.com *.bird.eu *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.bing.com *.magentocommerce.com *.sleeknote.com sharkgaming.dk sharkgaming.se sharkgaming.no *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.google.dk *.google.se *.google.no *.visualwebsiteoptimizer.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com www.xtento.com cdn.xtento.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.resurs.com *.sharkgaming.dk *.sharkgaming.se *.sharkgaming.no *.visualwebsiteoptimizer.com *.app.cookieinformation.com *.sleeknote.com *.viabill.com *.trustpilot.com *.emaerket.dk *.payever.org *.hotjar.com *.bing.com addrevenue.io *.retargeted.co *.getzowie.com *.zopim.com *.adii.se *.scratcher.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.sharethis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.omtrdc.net 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com *.sharethis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-GYyebnQFVpSX/8w67Ax2jw=='; style-src 'self' https: 'unsafe-inline'; frame-src https://www.youtube.com https://www.google.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://td.doubleclick.net https://www.googletagmanager.com; report-uri https://o1232135.ingest.sentry.io/api/6380069/security/?sentry_key=10008737bc394435821a8bd8d2af6a67 1 font-src fonts.gstatic.com use.typekit.net https://todolivro.com.br https://mcstaging.todolivro.com.br *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.bootstrapcdn.com *.mundipagg.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://todolivro.com.br https://mcstaging.todolivro.com.br *.twitter.com *.facebook.com *.mundipagg.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://todolivro.com.br https://mcstaging.todolivro.com.br *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.mundipagg.com *.criteo.com/ *.sunset.systems *.hotjar.com/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://todolivro.com.br https://mcstaging.todolivro.com.br *.cloudflare.com *.gstatic.com *.google.com *.google.com.br *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.mundipagg.com https://conectiva.io *.akamaihd.net *.amazonaws.com *.smartbmc.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ quickchart.io img.youtube.com https://cdn.mundipagg.com https://api.pagar.me www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.croapp.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com https://chimpstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://todolivro.com.br https://mcstaging.todolivro.com.br *.cloudflare.com *.googleoptimize.com *.ebit.com.br *.zopim *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.newrelic.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.mundipagg.com *.hotjar.com *.clearsale.com.br *.mouseflow.com *.cartstack.com.br https://conectiva.io *.getbutton.io *.goadopt.io *.amazonaws.com *.smartlook.com *.nr-data.net *.zdassets.com *.doubleclick.net *.voxus.com.br http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.googleapis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com cdn.dnky.co webchat.dotdigital.com https://todolivro.com.br https://mcstaging.todolivro.com.br *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.mundipagg.com *.amazonaws.com maxcdn.bootstrapcdn.com fonts.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net *.adobe.io performance.typekit.net commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://todolivro.com.br https://mcstaging.todolivro.com.br *.cloudflare.com *.twitter.com *.reclameaqui.com.br *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.mundipagg.com *.cardinalcommerce.com *.nr-data.net *.doubleclick.net *.performa.ai *.goadopt.io *.smartlook.cloud *.hotjar.com/ *.voxus.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://api.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://todolivro.com.br; report-to report-endpoint; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.google.com/ *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.xtento.com cdn.xtento.com 'self' data: *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.adform.net *.doubleclick.net https://www.google.com/recaptcha/ www.xtento.com cdn.xtento.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri /ui/csp-violations/;default-src 'none';img-src 'self' data: https:;base-uri 'self';block-all-mixed-content;form-action 'self';font-src 'self' https://fonts.gstatic.com data:;object-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://polyfill.io https://cdn.walkme.com https://www.datadoghq-browser-agent.com 'report-sample';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;media-src 'self';manifest-src 'self';connect-src 'self' 'report-sample' https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://*.walkme.com;frame-src 'self' https://cdn.walkme.com https://*.vetconnectplus.com;frame-ancestors * 1 font-src *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com 'unsafe-inline' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com https://*.dpdconnect.nl *.demdex.net *.weltpixel.com *.multisafepay.com https://pay.google.com *.pinterest.com *.cookiebot.com *.google.com *.adobe.com *.paypal.com *.dpdconnect.nl *.cardinalcommerce.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trustedshops.com *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com *.gstatic.com *.bing.com www.google.be *.pinterest.com *.google-analytics.com *.googleadservices.com *.paypal.com *.google.com *.google.be *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://*.dpdconnect.nl *.cloudflare.com *.twitter.com *.fontawesome.com *.trustedshops.com chimpstatic.com *.google.com *.gstatic.com *.multisafepay.com https://pay.google.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com tagmanager.google.com *.cookiebot.com www.dwin1.com *.pinimg.com *.facebook.net *.bing.com *.tiktok.com *.googleadservices.com *.google-analytics.com *.paypal.com *.googleapis.com *.dpdconnect.nl *.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net 'unsafe-inline' data: *.multisafepay.com https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.cloudflare.com *.demdex.net *.multisafepay.com *.trustedshops.com *.etrusted.com https://www.google-analytics.com www.google.com *.doubleclick.net *.pinterest.com *.bing.com *.tiktok.com *.cookiebot.com *.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' blob: data:; frame-src 'self'; connect-src cdn.jsdelivr.net http://localhost:* ws://localhost:* 'self'; script-src cdn.jsdelivr.net http://localhost:* 'self' 'unsafe-inline' 'unsafe-eval'; font-src fonts.gstatic.com http://localhost:* 'self' data:; style-src fonts.googleapis.com http://localhost:* 'self' 'unsafe-inline'; object-src 'none'; img-src http://localhost:* https: data: blob:; media-src http://localhost:* https: data: blob:; report-uri /modules/root/api/_/csp 1 default-src 'unsafe-inline' 'unsafe-eval' data: https:; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-/DLBL6Zd+i6ZopCdEoPM9xPRYhgdmowTRjSwehCOWq0='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-9-rZT6j7buj1B44NHtElgw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; font-src 'self' https://fonts.gstatic.com/; img-src 'self' https://www.google.com/pagead/1p-user-list/456625577/ https://www.facebook.com/tr https://www.facebook.com/tr/ https://www.googletagmanager.com/a https://images.ctfassets.net/mqztk29gethb/ https://px.ads.linkedin.com/ https://p.adsymptotic.com/d/px/ https://ad.doubleclick.net https://adservice.google.com/ https://thumbnail.cibotechnologies.com https://mp-node.cibotechnologies.com https://maptiles.cibotechnologies.com; script-src 'self' 'sha256-sue/tIOvKxj1qdiU7vjXc3QRr4m38miOSTt5ej1B1Qk=' 'sha256-LCdNmzWPcRHz06PXJc7oSqX0BQKKg5DanOWcQhUuS9Q='; style-src 'self' https://fonts.googleapis.com/ 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-tGH3DyYa/C/Qsyv5DdGn+1AI17pxR5gyLRjKcrl+ZsA='; object-src 'none'; frame-src https://10311117.fls.doubleclick.net https://www.facebook.com https://bid.g.doubleclick.net; script-src-elem https://www.googletagmanager.com/ https://js.hsforms.net/ https://static.zdassets.com/ekr/snippet.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/456625577/ https://www.cibotechnologies.com; connect-src https://analytics.google.com/g/collect https://ekr.zdassets.com/compose/1d779da2-f0d9-4e53-ab95-c06c8c507a46 https://preview.contentful.com/spaces/mqztk29gethb/environments/master/entries https://cdn.contentful.com/spaces/mqztk29gethb/ https://api.mapbox.com/styles/v1/cibo-apps/ https://events.mapbox.com/events/v2 https://api.mapbox.com/map-sessions/v1 https://api.mapbox.com/fonts/v1/cibo-apps/ https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-rtl-text/v0.2.3/mapbox-gl-rtl-text.js https://api.mapbox.com/v4/ https://api.mapbox.com/raster/v1/ https://api.mp.cibotechnologies.com wss://api.mp.cibotechnologies.com 1 form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.canadapost.ca https://sso.epost.ca *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src *.hotjar.com *.hubspot.com fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.addthis.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; connect-src va.tawk.to *.tawk.to wss://*.tawk.to wss://*.hotjar.com *.hubspot.com *.hotjar.com *.hotjar.io *.hscollectedforms.net dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; script-src embed.tawk.to cdn.jsdelivr.net *.googletagmanager.com *.hotjar.com *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com cloud.affiliationfocus.com *.hubspot.com *.usemessages.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; font-src embed.tawk.to *.gstatic.com data: *.googleapis.com *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; style-src embed.tawk.to *.googleapis.com *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; img-src embed.tawk.to *.facebook.com facebook.com www.facebook.com *.hsforms.com forms.hsforms.com *.hubspot.com google.ca assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.bird.eu ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.addthisedge.com *.twitter.com mageside.com *.canadapost.ca www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' https://js-agent.newrelic.com https://static.addtoany.com browser-update.org/update.min.js https://bam.nr-data.net cdn.jsdelivr.net/npm/toastify-js https://unpkg.com/@popperjs/core@2 https://unpkg.com/tippy.js@6 *.googletagmanager.com *.google-analytics.com 'sha256-3TIdhecF1TUJTU6UHHV+XFjtxST4Ly4SI5dp7p8w94k=' 'sha256-y51vfYQvJ1pJRC+bl/Dl5hWr66ny/NBHWu7mLsKSL34=' 'sha256-bRd7sm1D7+GYKVHJlUiklMRRw5DiB166o8NEJexQRO0=' 'sha256-dL2ESckwj4nJmxM2eeOnCjOCh/FGvV7p0G37luLRpEI=' 'sha256-HgwtOpcp9hPBBxMehbA+SvDbZZoakCw8R6HOSH0TgnE=' 'sha256-/rGLbsC3KREsVOihkt0j7wGku9aMLV2tcrug1R+VUY0=' 'sha256-3TIdhecF1TUJTU6UHHV+XFjtxST4Ly4SI5dp7p8w94k=' 'sha256-y51vfYQvJ1pJRC+bl/Dl5hWr66ny/NBHWu7mLsKSL34=' 'sha256-bRd7sm1D7+GYKVHJlUiklMRRw5DiB166o8NEJexQRO0=' 'sha256-dL2ESckwj4nJmxM2eeOnCjOCh/FGvV7p0G37luLRpEI=' 'sha256-HgwtOpcp9hPBBxMehbA+SvDbZZoakCw8R6HOSH0TgnE='; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net/npm/toastify-js/src/toastify.min.css https://fonts.gstatic.com; img-src 'self' unocha.org hpc.tools content.hpc.tools fts.unocha.org data: api.mapbox.com browser-update.org https://fonts.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; frame-src 'self' https://content.hpc.tools https://www.youtube.com https://data.humdata.org https://datawrapper.dwcdn.net; frame-ancestors 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com data:; connect-src 'self' https://bam.nr-data.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; report-uri /report-csp-violation; base-uri 'self' 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sendcloud.sc www.youtube.com widget.trustpilot.com vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.placeholder.com cdn.trustpilot.net bat.bing.com www.google.nl www.ideal.nl sp.tinymce.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.g.doubleclick.net *.google-analytics.com *.gstatic.com *.avada.io twitter.com platform.twitter.com maps.googleapis.com js.mollie.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sendcloud.sc widget.trustpilot.com trackcmp.net *.app-us1.com *.hotjar.com *.hotjar.io *.bing.com script.adcalls.nl *.clarity.ms www.google.nl cdn.tiny.cloud static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline fonts.googleapis.com/ cdn.tiny.cloud 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cluster.app-us1.com *.clarity.ms *.g.doubleclick.net *.hotjar.io *.hotjar.com *.bing.com ekr.zdassets.com *.zendesk.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.gravatar.com *.googleapis.com *.gstatic.com *.googleusercontent.com; frame-ancestors 'self'; report-to https://csp-report.clickhelp.com/csp-report; 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.cybersource.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cybersource.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://cdn.jsdelivr.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com h.online-metrix.net *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-2OuTX7Cr-T0xIvZulQ0fkA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' ; script-src 'self' ; script-src-elem 'self' https://www.google.com ; style-src 'self' ; style-src-elem 'self' https://fonts.googleapis.com ; img-src 'self' data: https://secure.gravatar.com" 1 object-src 'none';base-uri 'self';script-src 'nonce-nKzHfunvdQFh_NmyZmJnGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-x-S1gSsTYjyPFC0KM_pKsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' http://res.wx.qq.com https://res.wx.qq.com http://*.weishi.com https://*.weishi.com http://*.m.tencent.com https://*.m.tencent.com http://*.weixin.qq.com https://*.weixin.qq.com https://midas.gtimg.cn http://vm.gtimg.cn https://vm.gtimg.cn 'nonce-1575515410' 'strict-dynamic'; base-uri 'self';report-uri https://mp.weixin.qq.com/mp/fereport?action=csp_report 1 font-src *.fontawesome.com data: *.hotjar.com github.com cdn.honey.io *.photoslurp.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.redsys.es facebook.com *.adyen.com *.redsys.com *.pinterest.com sas.redsys.es *.facebook.com sas.redsys.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hotjar.com *.google.com *.addthis.com *.kampyle.com facebook.com docs.google.com *.facebook.com *.pinterest.es *.pinterest.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: *.w3.org *.bing.com c.bing.com *.hotjar.com bat.bing.com *.clarity.ms *.google.fr facebook.com *.kampyle.com *.gstatic.com *.ladybird.nl *.google.com *.fbcdn.net *.cookiepro.com *.pinterest.com *.pronovias.com *.facebook.com *.google.es *.photoslurp.com *.googleapis.com *.sanpatrick.com *.nicolemilano.com *.cdninstagram.com instagram.com *.verawangbride.com *.whiteonebridal.com *.googletagmanager.com scontent.fmad7-1.fna.fbcdn.net click.s50.exacttarget.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.force.com bat.bing.com *.adyen.com *.pinimg.com *.google.com *.hotjar.com *.tiktok.com dropbox.com gstatic.com *.nr-data.net *.clarity.ms *.moatads.com *.addthis.com *.kampyle.com *.newrelic.com *.gstatic.com *.dropbox.com *.cookiepro.com *.facebook.net *.facebook.com facebook.net *.photoslurp.com *.googleapis.com *.salesforce.com *.addthisedge.com *.secure.force.com http://polyfill.io service.force.com bam.eu01.nr-data.net *.nicolemilano.com *.empathybroker.com x.empathy.co x.staging.empathy.co *.lightning.force.com analytics.tiktok.com *.googletagmanager.com googletagmanager.com *.salesforceliveagent.com static.lightning.force.com *.la3-c1cs-fra.salesforceliveagent.com d.la3-c1cs-fra.salesforceliveagent.com pronoviasgroup.my.salesforce.com *.pinterest.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.honey.io *.kampyle.com *.force.com *.photoslurp.com service.force.com *.nicolemilano.com gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.vimeo.com *.akamaized.net *.photoslurp.com player.vimeo.com vod-progressive.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.tt.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com wss: bat.bing.com *.force.com *.tiktok.com *.nr-data.net *.hotjar.io *.clarity.ms *.vimeo.com d.clarity.ms h.clarity.ms *.kampyle.com *.hotjar.com vc.hotjar.io ws7.hotjar.com *.instagram.com *.cookiepro.com *.pinterest.com *.amazonaws.com client.rum.us-east-1.amazonaws.com sts.eu-west-1.amazonaws.com ws16.hotjar.com ws20.hotjar.com ws22.hotjar.com ws23.hotjar.com ws33.hotjar.com ws34.hotjar.com *.facebook.com *.googleapis.com *.photoslurp.com *.secure.force.com bam.eu01.nr-data.net *.empathybroker.com x.empathy.co x.staging.empathy.co stats.g.doubleclick.net *.google-analytics.com api.empathybroker.com api.empathy.co api.staging.empathy.co api-staging.empathybroker.com pronoviasgroupcti.secure.force.com analytics.pangle-ads.com properties 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com https://googleapis.com *.fontawesome.com *.spockee.io *.skeepers.io *.crisp.chat data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com secure-gateway.hipay-tpp.com *.hipay.com *.twitter.com https://www.googletagmanager.com *.doubleclick.net/ *.googlesyndication.com *.cloudfront.net *.be2bill.com *.dalenys.com *.payplug.com *.teester.com *.easydmp.net *.botmind.ai *.pinterest.com *.spockee.io *.skeepers.io *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com https://web.bankin.com https://s3-eu-west-1.amazonaws.com *.bridgeapi.io *.design-a-cake.co.uk *.cloudflare.com *.klarna.com *.google-analytics.com *.paypal.com *.twitter.com *.google.com *.google.fr *.easypara.fr https://www.googletagmanager.com *.doubleclick.net/ *.cloudfront.net *.bazaarvoice.com *.googlesyndication.com *.bing.com *.pinterest.com *.digital-metric.net *.easyparapharmacie.com *.spockee.io *.skeepers.io *.onetrust.com cdn.cookielaw.org www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.crisp.chat *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com secure-gateway.hipay-tpp.com *.hipay.com *.cloudflare.com *.twitter.com *.google-analytics.com *.fontawesome.com *.skeepers.io https://swa.easypara.fr *.googleadservices.com *.scarabresearch.com *.google.com *.google.fr *.algolia.net *.algolia.com *.emarsys.net *.gstatic.com https://www.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.cloudfront.net *.botmind.io *.be2bill.com *.batch.com *.easypara.fr *.hotjar.com *.tiktok.com *.easydmp.net *.teester.com *.kk-resources.com *.pinimg.com *.digital-metric.net *.bing.com *.bazaarvoice.com *.spockee.io *.pinterest.com party.spockee.io *.onetrust.com cdn.cookielaw.org https://cdn.scalapay.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.crisp.chat tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.hipay.com *.cloudflare.com *.googleapis.com *.twitter.com *.fontawesome.com *.skeepers.io https://swa.easypara.fr *.googleadservices.com *.scarabresearch.com *.google-analytics.com *.algolia.net *.algolia.com *.emarsys.net *.google.com *.spockee.io *.onetrust.com unsafe-inline *.crisp.chat tagmanager.google.com 'self' 'unsafe-inline'; object-src *.youtube.com *.teester.com *.spockee.io *.skeepers.io 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://web.bankin.com https://s3-eu-west-1.amazonaws.com *.bridgeapi.io data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.hipay.com wss://mpsnare.iesnare.com *.cloudflare.com *.twitter.com *.paypal.com *.emarsys.net *.scarabresearch.com *.google-analytics.com https://region1.analytics.google.com/ https://swa.easypara.fr *.googlesyndication.com *.doubleclick.net *.botmind.io *.spockee.io *.google.com *.batch.com *.tiktok.com *.pinterest.com *.easypara.fr *.skeepers.io party.spockee.io *.onetrust.com cdn.cookielaw.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crisp.chat https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com www.magmodules.eu *.datatrics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.squeezely.tech data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.datatrics.com www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com squeezely.tech www.squeezely.tech *.squeezely.tech 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.datatrics.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-APeQoJMlkCgK0FFDmmUx8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.gstatic.com marketplace.phi-production.cloud *.googleapis.com www.njstart.gov www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' *.tc.edu *.tc.columbia.edu; font-src *; frame-ancestors 'self' *.tc.edu *.tc.columbia.edu; frame-src *; img-src *; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; object-src 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-gi9pRibCloi3fmGEun390Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://*.quadpay.com https://fonts.gstatic.com *.lewandmassager.com *.bvibe.com use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://bid.g.doubleclick.net *.lewandmassager.com *.bvibe.com https://www.googletagmanager.com/ *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.quadpay.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com shareasale.com *.bvibe.com *.lewandmassager.com *.yotpo.com swellrewards.com *.swellrewards.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.quadpay.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com *.lewandmassager.com *.bvibe.com *.impactcdn.com *.yotpo.com swellrewards.com *.swellrewards.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com unsafe-inline https://fonts.gstatic.com https://fonts.googleapis.com *.lewandmassager.com *.bvibe.com *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://*.quadpay.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://bvibe.pxf.io/ https://lewand-massager.sjv.io/ *.yotpo.com swellrewards.com *.swellrewards.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-FAucV7nWA04jaOhk9OUtxQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://www.google.*; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.acsbapp.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.qvdt3feo.com https://*.stackadapt.com https://acdn.adnxs.com https://acsbapp.com https://connect.facebook.net https://contentdsp.com https://display-logix.containers.piwik.pro https://googleads.g.doubleclick.net https://js.hs-scripts.com https://maps.googleapis.com https://maps.gstatic.com https://qvdt3feo.com/* https://stats.g.doubleclick.net https://use.typekit.net https://www.google.com https://www.gstatic.com; img-src 'self' *.https://www.google data: https://*.adnxs.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.mdhv.io https://analytics.google.com https://arttrk.com https://cdn.acsbapp.com https://jelly.mdhv.io https://maps.gstatic.com https://p.typekit.net https://*.stackadapt.com https://use.typekit.net https://www.facebook.com https://www.googletagmanager.com https://www.sfbcic.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gravatar.com https://*.google.com https://www.gstatic.com https://*.gofundme.com https://www.heber-springs.com https://www.hotsprings.org https://*fna.fbcdn.net https://*.acsbapp.com https://www.msfbins.com https://www.lafarmbureau.com https://www.afbic.com https://*.w55c.net; style-src 'self' 'unsafe-inline' https://*.stackadapt.com https://fonts.googleapis.com https://use.typekit.net; font-src 'self' data: https://acsbapp.com https://fonts.gstatic.com; connect-src 'self' https://*.acsbapp.com https://*.google-analytics.com https://*.google.com https://*.stackadapt.com https://adservice.google.com https://analytics.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://zip.faverates.com *.https://stats.g https://*.googlesyndication.com https://yoast.com https://my.wpengine.com; frame-src 'self' https://*.googletagmanager.com https://td.doubleclick.net https://www.google.com https://*.spotify.com https://www.youtube.com https://mozbar.moz.com https://*.adsrvr.org; report-uri https://node-csp-reporter.herokuapp.com/csp-report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.bunny.net n2.mouseflow.com greenlineloans.com bam.nr-data.net cdn.mouseflow.com cdn.acsbapp.com www.googletagmanager.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com acsbapp.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-M2HE-oVB6C3jqzqTVXigGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.razorpay.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google-analytics.com *.gstatic.com *.webagencyanalytics.com *.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.avada.io *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webagencyanalytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri *; font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.fontawesome.com *.alothemes.com *.magepow.com * data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com gateway.apaylater.com gateway.atome.sg *.trackedlink.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com *.alothemes.com *.magepow.com * data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com gateway.apaylater.com gateway.atome.sg *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.hoolah.co *.googletagmanager.com *.facebook.net *.avada.io *.addtoany.com *.alothemes.com *.magepow.com * 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com gateway.apaylater.com gateway.atome.sg cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hoolah.co *.addtoany.com *.alothemes.com *.magepow.com * 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.cloudflare.com *.twitter.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org https://get.geojs.io *.avada.io http://dpm.demdex.net *.alothemes.com *.magepow.com * 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src 'self' statistiek.rijksoverheid.nl; script-src 'self' 'sha256-3Pejfkj6T0q3nIFwdhJVA0ST+KnF2yIhYlZO1qmTNPU=' statistiek.rijksoverheid.nl 'report-sample' 'sha256-IbtDa5/kbW2Hbn7qGi1538ERW/JuXrjCjK6zuL7QDfE='; object-src 'self'; style-src 'self' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-mCFjSEfVbMV655L708fbXky77erDrJ8sYVyx+V9Igjg=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-1VTAHS0X+0lgrfu7iW/2ikIZ/VIANi00phY6Pqavxdg=' ; img-src 'self' statistiek.rijksoverheid.nl *.rovid.nl data:; media-src 'self' rovid.nl *.rovid.nl; frame-src 'self' ; font-src 'self'; report-uri https://sentry.dtnr.nl/api/44/security/?sentry_key=7a6c58c960be4975936f128606931c16&sentry_environment=production 1 object-src 'none';base-uri 'self';script-src 'nonce-BSgHHfHr4rDE7_2nPuZTXg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.google.com *.youtube.com youtu.be *.vimeo.com *.addthis.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.cloudflare.com www.google.com www.gstatic.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cloudflare.com *.paypal.com *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Q4lyXaVswk2eA8YgohGFzQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.helloumi.com *.flixfacts.com *.flixcar.com cdn.sancta-domenica.hr *.esisapp.com data: *.criteo.com media.sancta-domenica.h *.googleapis.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.txpmnts.com *.facebook.com cdn.sancta-domenica.hr *.criteo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landbot.io *.flixcar.com *.facebook.com *.facebook.com/tr *.twitter.com *.google.com *.youtu.be *.txpmnts.com *.addthis.com *.monri.com cdn.sancta-domenica.hr *.loadbee.com consentcdn.cookiebot.com *.samsung.com *.criteo.com *.sancta-domenica.hr *.weltpixel.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.helloumi.com storage.googleapis.com *.flixcar.com *.flix360.com *.twitter.com *.pinterest.com *.news.samsung.com *.moja-trgovina.net *.jwpsrv.com *.samsung.com promocije.sancta-domenica.hr cdn.sancta-domenica.hr *.google.com *.google.de *.facebook.com *.kxcdn.com *.nrholding.net fugajcreative.hr *.doubleclick.net *.google.hr *.webpushr.com *.prismic.io *.esisapp.com *.esisatc.com *.googletagmanager.com *.bosch-home.com *.criteo.com media.sancta-domenica.hr *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io https://ipgtest.monri.com/ https://ipg.monri.com/ api.exponea.com *.helloumi.com *.facebook.net *.pinterest.com *.google.com *.twitter.com *.flixfacts.com *.flixcar.com *.loadbee.com *.channelsight.com *.txpmnts.com *.addthis.com *.moatads.com *.addthisedge.com *.gstatic.com *.mailerlite.com *.zdassets.com *.webpushr.com *.zopim.com *.doubleclick.net *.monri.com cdn.sancta-domenica.hr *.adform.net inte.searchnode.io *.esisapp.com *.cookiebot.com *.flix360.io consentcdn.cookiebot.com bam.eu01.nr-data.net *.newrelic.com *.googleapis.com *.criteo.com static.criteo.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.flixcar.com *.flixfacts.com fugajcreative.hr static.mailerlite.com cdn.sancta-domenica.hr media.sancta-domenica.hr *.esisapp.com *.criteo.com *.googleapis.com tagmanager.google.com blob: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com cdn.sancta-domenica.hr *.youtube.com *.youtu.be *.criteo.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.exponea.com *.addthis.com *.google-analytics.com *.doubleclick.net bot.webpushr.com analytics.webpushr.com *.zdassets.com sanctadomenica.zendesk.com wss://widget-mediator.zopim.com cdn.sancta-domenica.hr *.loadbee.com *.esisapp.com *.google.com bam.eu01.nr-data.net *.cookiebot.com *.searchnode.net *.criteo.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com use.typekit.net *.adbr.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.cookiebot.com *.adbr.io *.addthis.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.it *.zopim.io *.adbr.io *.adabra.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthisedge.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cookiebot.com fullstory.com assets.zendesk.com static.zdassets.com cdn.jsdelivr.net *.adbr.io *.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthis.com *.moatads.com *.addthisedge.com *.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.scalapay.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com *.typekit.net *.adbr.io https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cookiebot.com *.g.doubleclick.net *.googlesyndication.com *.zendesk.com *.zopim.com *.zdassets.com wss://widget-mediator.zopim.com *.adbr.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.mercadolibre.com https://player.vimeo.com https://www.youtube-nocookie.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com blob: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mlstatic.com *.mercadopago.com https://player.vimeo.com https://www.youtube.com www.gstatic.com *.google.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.mercadopago.com *.mercadolibre.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com fonts.googleapis.com newrelic.com www.google.com use.typekit.net maxcdn.bootstrapcdn.com *.myshopify.com *.shopify.com *.saas.talismaonline.com data: 'self' 'unsafe-inline'; form-action www.facebook.com *.facebook.com *.google.com *.saas.talismaonline.com 'self' 'unsafe-inline'; frame-ancestors gstatic.com *.saas.talismaonline.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com social-plugins.line.me www.facebook.com www.google.com newrelic.com vault.omise.co www.youtube.com youtu.be https://cdn.omise.co *.weltpixel.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.myshopify.com *.shopify.com *.saas.talismaonline.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com maps.gstatic.com *.googleapis.com *.ggpht.com lh3.googleusercontent.com *.googleusercontent.com platform-lookaside.fbsbx.com www.w3.org newrelic.com www.paypalobjects.com t.paypal.com s.ytimg.com www.google.co.in api.omise.co omise-gateway-production.s3.ap-southeast-1.amazonaws.com flagpedia.net *.myshopify.com *.shopify.com *.saas.talismaonline.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com omise.co cdn.omise.co maps.googleapis.com connect.facebook.net d.line-scdn.net js-agent.newrelic.com bam-cell.nr-data.net www.google.com www.gstatic.com newrelic.com cdn.iubenda.com www.iubenda.com www.google.co.in f.vimeocdn.com https://cdn.omise.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com newrelic.com www.google.com use.typekit.net p.typekit.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maxcdn.bootstrapcdn.com *.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam-cell.nr-data.net newrelic.com www.google.com youtube.com googletagmanager.com paypal.com bam.nr-data.net webchat.dotdigital.com stats.g.doubleclick.net hits-i.iubenda.com www.facebook.com maps.googleapis.com https://cdn.omise.co webchat.staging.dotdigital.com www.gstatic.com *.myshopify.com *.shopify.com *.saas.talismaonline.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net *.cloudflare.com *.typekit.net *.trustedshops.com *.googleapis.com cdn1.stamped.io stamped.io *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.freshchat.com *.twitter.com *.trustpilot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.klarna.com *.klarnaevt.com *.cloudfront.net/ *.criteo.net *.stamped.io *.freshchat.com/ *.cloudflare.com *.ytimg.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com cdn1.stamped.io stamped.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.paypal.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.klarna.com *.kk-resources.com/ *.shopalike.fi/ *.chatbotize.com/ qanuk-stage.vercel.app *.tradedoubler.com *.criteo.com *.cookiefirst.com *.omappapi.com *.googleoptimize.com *.klaviyo.com reviewsonmywebsite.com 'self' data: *.fontawesome.com *.videoly.co/ *.freshchat.com cdnjs.cloudflare.com/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.trustpilot.com s7.addthis.com cdn1.stamped.io stamped.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cookiefirst.com *.klarnacdn.net *.omappapi.com reviewsonmywebsite.com *.typekit.net *.freshchat.com/ *.cloudflare.com/ https://static.klaviyo.com *.trustpilot.com cdn1.stamped.io stamped.io *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src cdn1.stamped.io stamped.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.klarnaevt.com *.criteo.com *.kelkoogroup.net/ *.chatbotize.com *.klarnaservices.com *.doubleclick.net *.qanuk.app *.cookiefirst.com *.omappapi.com *.googlesyndication.com reviewsonmywebsite.com *.cloudflare.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ cdn1.stamped.io stamped.io www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.amazonaws.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.facebook.net *.yotpo.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.pelecard.biz *.queue-it.net *.facebook.com *.facebook.net *.vimeo.com vimeo.com *.adoric.com *.tiktok.com *.glassix.com *.adoric-om.com *.google.com www.xtento.com *.paypal.com *.yotpo.com *.creditguard.co.il *.googletagmanager.com *.xtento.com *.doubleclick.net acsbapp.com *.acsbap.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.magentocommerce.com *.entrust.net *.google.com *.google.com.vn *.doubleclick.net *.cloudfront.net *.googleapis.com *.gstatic.com *.facebook.com *.facebook.net *.mltp.co.il *.adoric.com *.adoric-om.com *.tiktok.com *.giphy.com *.acsbapp.com *.amazonaws.com *.shw.co.il www.xtento.com cdn.xtento.com *.googleadservices.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.co.il https://www.google *.paypal.com *.paypalobjects.com *.vimeo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.adobedtm.com *.authorize.net *.entrust.net *.gstatic.com www.google.com *.adyen.com *.queue-it.net *.googletagmanager.com *.googleapis.com *.cardinalcommerce.com *.ccdc02.com *.braintreegateway.com *.signifyd.com *.nowdialogue.com *.xtento.com *.facebook.com *.facebook.net *.nagich.co.il *.rawgit.com *.adoric.com *.tiktok.com *.glassix.com *.adoric-om.com www.xtento.com cdn.xtento.com *.google-analytics.com *.google.com *.fontawesome.com *.googleadservices.com *.doubleclick.net *.analytics.com *.youtube.com *.paypal.com *.paypalobjects.com acsbapp.com acsbap.com *.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.adoric.com *.adoric-om.com *.googleapis.com *.nowdialogue.com *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.entrust.net *.google-analytics.com *.google.com *.nowdialogue.com nowdialogue.com *.nagich.co.il *.doubleclick.net *.vimeo.com vimeo.com *.demdex.com *.adoric.com *.adoric-om.com *.tiktok.com *.glassix.com *.analytics.com *.facebook.com player.vimeo.com *.googleapis.com *.acsbapp.com acsbap.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://www.google.co.cr/ *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com *.greenpaysbx.me *.kaptcha.com https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://connect.facebook.net/ https://script.crazyegg.com/ https://static.hotjar.com/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ data: *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://connect.facebook.net/ business.facebook.com *.kaptcha.com https://data-collector.greenpay.me https://script.crazyegg.com/ *.hotjar.net/ https://widgets-static.embluemail.com/ https://cdn.embluemail.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ https://gtm-mpv8c69c-mze5m.uc.r.appspot.com *.doubleclick.net/ data: *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.leaseplan.com *.leaseplandigital.com *.leaseplan.io; script-src 'unsafe-inline' https: 'nonce-jAx1u7TZ50bWo8/3vXGwIg==' 'strict-dynamic'; connect-src 'self' *.ayvens.com *.leaseplan.com edge.adobedc.net ad.doubleclick.net adservice.google.com api.realytics.io api.rudderlabs.com bat.bing.com bis.blastingnews.com browser-http-intake.logs.datadoghq.eu *.browser-intake-datadoghq.eu cdn.cookielaw.org cdn.imagin.studio cdn.linkedin.oribi.io content.hotjar.io csmetrics.hotjar.com geolocation.onetrust.com *.clarity.ms in.hotjar.com leaseplan-dataplane.rudderstack.com m.realytics.io optanon.blob.core.windows.net privacyportal-de.onetrust.com region1.google-analytics.com s.yimg.com sentry-proxy.hotjar.com service.giosg.com settings.luckyorange.net sst.leaseplan.com stats.g.doubleclick.net surveystats.hotjar.io vc.hotjar.io www.facebook.com www.google-analytics.com www.google.com www.leaseplan.it; img-src 'self' data: ad.doubleclick.net bat.bing.com *.clarity.ms cdn.cookielaw.org cdn.imagin.studio i.ytimg.com idt9rpjm7d.execute-api.eu-west-1.amazonaws.com img.youtube.com p1.zemanta.com px.ads.linkedin.com script.hotjar.com tracking.adstrategysites.com tracking.audio.thisisdax.com translate.google.com www.drive.leaseplan.pt www.facebook.com www.google-analytics.com www.google.com www.google.cz www.google.de www.googletagmanager.com www.gstatic.com www.leaseplan.it; media-src 'self' *.leaseplandigital.com www.leaseplanbrand.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.leaseplancdn.com cdn.cookielaw.org maxcdn.bootstrapcdn.com translate.googleapis.com www.leaseplan.it; frame-src 'self' *.leaseplan.com player.vimeo.com www.youtube.com www.youtube-nocookie.com https://map.openchargemap.io widget.klantenthousiasme.nl; font-src 'self' *.leaseplancdn.com; object-src 'none'; base-uri 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-fyvPx3-K0x9KoU4fYGX4Eg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' *.googleusercontent.com https://unpkg.com *.googleusercontent.com https://www.firstbus.co.uk *.gstatic.com *.google.co.uk *.facebook.com *.googleapis.com *.hotjar.com *.contentsquare.net *.ads-twitter.com *.unpkg.com *.tiktok.com *.googleadservices.com *.twitter.com *.youtube.com *.google-analytics.com *.google.com *.facebook.net *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.sc-static.net *.thisisdax.com *.adform.net *.cloudflare.com *.t.co *.adnxs.com *.snapchat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cardinalcommerce.com *.paypalobjects.com *.paypal.com *.comcarde.com *.vimeo.com https://unpkg.com/@googlemaps/markerclustererplus/dist/index.min.js https://unpkg.com/@googlemaps/markerclustererplus@1.2.10/dist/index.min.js *.unpkg.com https://unkpkg.com https://sc-static.net https://www.google.co.uk *.gstatic.com *.googleapis.com *.hotjar.com *.contentsquare.net *.ads-twitter.com *.unpkg.com *.licdn.com *.tiktok.com *.googleadservices.com *.google-analytics.com *.google.com *.jsdelivr.net *.facebook.net *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.sc-static.net *.adform.net *.cloudflare.com *.adnxs.com *.snapchat.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.jsdelivr.net *.unpkg.com *.jquery.com; img-src 'self' 'unsafe-inline' data: *.paypalobjects.com https://adservice.google.com *.google.com https://www.google.com *.gstatic.com *.google.gg *.google.bs *.google.tn *.google.hn *.google.com.om *.google.com.ag *.google.com.ng *.googleusercontent.com *.google.com.gi *.google.es *.google.com.mx *.google.dk *.ggpht.com *.google.is *.google.me *.google.com.co *.google.com.ec *.facebook.net *.firstbus.co.uk *.googletagmanager.com *.google.ad *.google.hu *.google.gy *.google.co.bw *.google.com.lb *.google.ca *.google.com.hk *.google.mg *.google.co.ma *.google.jo *.google.com.qa *.google.com.pr *.wwe.com *.google.im *.google.fr *.linkedin.com *.facebook.com *.google.cz *.google.cl *.google.co.in *.google.com.sa *.google.com.bd *.google.pt *.google.nl *.google-analytics.com *.google.co.th *.google.lv *.google.com.ph *.cookiepro.com *.firstgroup.com *.google.no *.google.co.id *.google.be *.google.com.sg *.google.co.kr *.google.sk *.google.gr *.google.com.tr *.google.co.tz *.google.com.au *.google.lk *.google.com.my *.google.kg *.kellysford.com *.ytimg.com *.google.kz *.google.rs *.blacksportsonline.com *.google.lu *.google.com.eg *.google.pl *.google.com.mt *.google.com.cy *.google.mv *.google.com.jm *.google.cv *.twitter.com *.google.bg *.google.fi *.google.com.ar *.google.ee *.google.com.gh *.google.co.jp *.doubleclick.net *.ipromote.com *.google.cn *.google.ae *.google.com.et *.google.ru *.google.com.bo *.google.je *.google.com.pe *.adnxs.com *.google.ch *.google.se *.google.ro *.google.co.nz *.plusbus.info *.google.co.uk *.google.hr *.google.com.tw *.google.it *.paypal.com *.google.com.np *.googleapis.com *.google.cm *.pinimg.com *.google.com.br *.google.co.za *.leanlibrary.app *.google.dm *.google.com.kw *.google.mk *.google.com.pk *.google.tt *.google.co.ke *.google.com.bh *.google.lt *.google.com.bn *.thisisdax.com *.google.at *.google.ie *.google.de *.t.co *.google.si *.google.lv; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.gstatic.com; frame-src 'self' 'unsafe-inline' *.paypalobjects.com *.paypal.com *.comcarde.com *.doubleclick.net *.vimeo.com *.youtube.com https://tr.snapchat.com *.td.doubleclick.net *.fls.doubleclick.net *.facebook.com; connect-src 'self' 'unsafe-inline' *.google.co.uk *.cardinalcommerce.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.comcarde.com *.cookiepro.com https://www.facebook.com https://www.facebook.com *.analytics.google.com *.snapchat.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://tr.snapchat.com/p *.google.rs *.google.be *.google.ae *.google.gg *.google.com.om *.google.com.gi *.google.es *.google.com.mx *.google.dk *.google.com.co *.w88p9x.com *.adtonus.com *.googletagmanager.com *.doublestat.info *.google.hu *.google.co.bw *.google.ca *.google.com.hk *.rktds.net *.privacy-protector-adblocker.com *.wedata.net *.google.im *.google.fr *.linkedin.com *.amcreativemedia; report-uri https://heldertesting.spideronline.co.uk/csp-report-endpoint/index.php 1 default-src 'self'; script-src 'self' www.gstatic.com/cast/ www.gstatic.com/cv/js/sender/v1/cast_sender.js www.gstatic.com/eureka/clank/ cdn.segment.com app.intercom.io widget.intercom.io js.intercomcdn.com; img-src * data: blob:; style-src 'self' 'unsafe-inline' *.typekit.net fonts.googleapis.com; font-src 'self' use.typekit.net fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com; connect-src 'self' *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com api.segment.io api.mapbox.com; object-src 'none'; report-uri /csp 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net https://www.magezon.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net *.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-YBHuxAV47s0s0fUracAHVg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-welwe9Tc8XQgO944MMyt8A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net klarna.com *.klarna.com *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static.payu.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com klarna.com *.klarnaevt.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.klarnacdn.net unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com secure.payu.com merch-prod.snd.payu.com klarna.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-gVCm1g4kxrTet4z-ISSZ6Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://fonts.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com https://static.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com www.facebook.com platform.twitter.com https://static.olark.com https://www.google.com https://bid.g.doubleclick.net https://www.equipmentleasing.org https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://redchamps.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://log.olark.com https://www.google.com https://marketing.labdepotinc.com https://www.google.com.ph https://www.googletagmanager.com https://www.gstatic.com https://stats.g.doubleclick.net https://bat.bing.com *.inspectlet.com https://analytics.sleeknote.com *.nextopia.net *.securitymetrics.com *.bing.com *.clarity.ms maps.gstatic.com https://www.labdepotinc.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.google-analytics.com *.bootstrapcdn.com https://www.bugherd.com *.nextopia.net https://ac.nextopiasoftware.com https://static.olark.com https://connect.facebook.net https://nrpc.olark.com https://www.googletagmanager.com https://marketing.labdepotinc.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://pay.google.com https://static.cloudflareinsights.com https://api.olark.com https://bat.bing.com https://apis.google.com https://assets.olark.com *.inspectlet.com https://a.omappapi.com https://labdepotinc-com.ecomm-nav.com *.clarity.ms https://cdn.searchspring.net/intellisuggest/is.min.js *.searchspring.io cdn.ampproject.org www.gstatic.com tagmanager.google.com https://d.clarity.ms https://www.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.bootstrapcdn.com https://cdn.nextopia.net https://static.olark.com www.gstatic.com tagmanager.google.com https://a.omappapi.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://static.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.bootstrapcdn.com https://nrpc.olark.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com *.googleapis.com https://stats.g.doubleclick.net *.inspectlet.com wss://ws.inspectlet.com https://bat.bing.com *.braintreegateway.com *.clarity.ms https://beacon.searchspring.io/beacon cdn.ampproject.org https://a.omappapi.com https://api.omappapi.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://cadencedev.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 default-src 'self' www.oxemis.com oxemis.com ; script-src 'self' www.oxemis.com oxemis.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' ; frame-src oxiforms.com www.oxiforms.com ; frame-ancestors 'self' ; base-uri 'none' ; report-uri csp-reports.php?d3d3Lm94ZW1pcy5jb20v ; 1 default-src 'self'; connect-src 'self' *.google-analytics.com analytics.google.com *.analytics.google.com *.google.pl stats.g.doubleclick.net www.youtube.com; frame-ancestors https://cap1abmip02.capdale.com; frame-src 'self' www.google.com; font-src 'self' data:; img-src data: *; media-src *; object-src 'self' media.mtvnservices.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri https://csp-reports.firmseek.com/caplin; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io maps.googleapis.com https://static.addtoany.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io https://static.addtoany.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com chat.petcity.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net chat.petcity.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com chat.petcity.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net chat.petcity.ee http: https: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com forms.syncrony.com www.halsteds.co.zw *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com www.halsteds.co.zw www.google.co.za *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.fontawesome.com *.googleapis.com *.gstatic.com *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com forms.syncrony.com www.googletagmanager.com www.halsteds.co.zw https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com forms.syncrony.com www.halsteds.co.zw tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com analytics.google.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_7_R4sbmYBtgM4Rs32Gy2A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com 'unsafe-inline' data: *.opayo.eu.elavon.com *.zopim.com *.klarnacdn.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.opayo.eu.elavon.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.opayo.eu.elavon.com *.trustpilot.com *.hotjar.com *.facebook.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.paypal.com *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.google.com *.googletagmanager.com *.google.co.uk *.facebook.com *.zopim.com *.klarnaevt.com *.klarna.com *.doubleclick.net *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.hotjar.com *.klarna.com *.facebook.net *.zopim.com *.trustpilot.com *.zdassets.com browser-update.org *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com *.doubleclick.net *.klaviyo.com *.zdassets.com *.hotjar.com wss://ws7.hotjar.com *.hotjar.io *.google-analytics.com wss://widget-mediator.zopim.com *.facebook.com *.klarnaevt.com *.trustpilot.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://dev.theopticshop.co.uk/; report-to report-endpoint; 1 default-src 'self' 'nonce-c2lvMjAzTHRXenZJZk5qUA==' https://fonts.googleapis.com https://fonts.gstatic.com https://*.facebook.com https://*.socialhp.com https://js.driftt.com https://calendly.com https://www.google.com https://*.iubenda.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.shp.so https://snap.licdn.com https://ga.clearbit.com https://polyfill.io https://cdn.jwplayer.com https://www.youtube.com https://connect.facebook.net https://*.google-analytics.com https://*.lfeeder.com https://*.driftt.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.sentry-cdn.com https://cdn.logrocket.io https://js-agent.newrelic.com https://bam.nr-data.net m https://*.calendly.com https://npmcdn.com https://cdn.lr-ingest.io; script-src-elem 'self' 'nonce-c2lvMjAzTHRXenZJZk5qUA==' https://pixel.shp.so https://www.googletagmanager.com https://snap.licdn.com https://tracking.g2crowd.com https://cdn.lr-ingest.io http://*.heyoliver.com https://connect.facebook.net https://*.google-analytics.com https://pixel.shp.so https://sc.lfeeder.com https://tr.lfeeder.com https://pixel.shp.so https://www.google-analytics.com https://cdn.jwplayer.com https://connect.facebook.net https://www.youtube.com https://*.google-analytics.com http://*.google-analytics.com https://*.lfeeder.com https://polyfill.io https://*.driftt.com https://*.googleapis.com https://*.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.sentry-cdn.com https://cdn.logrocket.io https://js-agent.newrelic.com https://bam.nr-data.net https://*.iubenda.com ; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.heyoliver.com https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://*.iubenda.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.scite.ai data:; connect-src 'self' https://*.shp.so https://*.socialhp.com https://*.google.com https://*.facebook.com https://cdn.linkedin.oribi.io https://www.heyoliver.com https://analytics.google.com https://*.google-analytics.com http://*.google-analytics.com https://*.logrocket.io https://sentry.io https://*.sentry.io https://bam.nr-data.net https://*.doubleclick.net https://r.lr-ingest.io https://*.iubenda.com ; img-src *, data:*; media-src 'self' https://image.socialhp.com https://image-gs.socialhp.com https://res.cloudinary.com https://*.iubenda.com ; frame-src 'self' https://*.youtube.com https://js.driftt.com https://www.google.com https://calendly.com https://*.facebook.com https://*.iubenda.com ; object-src none; worker-src 'self' blob:; report-uri https://o266291.ingest.sentry.io/api/5647787/security/?sentry_key=a72999d558b84b939ee7095e8a8c18e3; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.typekit.net https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twitter.com *.google.com *.massivespace.rocks *.pagosonline.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net www.facebook.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.youtube.com/ connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.rimax.com.co *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.salesmanago.es *.salesmanago.com *.klarna.com *.googleadservices.com *.paypal.com *.ytimg.com *.lightemporium.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.hotjar.com *.salesmanago.es *.salesmanago.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.trackedlink.net *.googleapis.com *.avada.io connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.typekit.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com unpkg.com maps.googleapis.com *.wikimedia.org *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.contactvox.com *.addtoany.com *.pinterest.com *.tumblr.com *.syndigo.com *.pagosonline.net *.hotjar.com *.salesmanago.es *.salesmanago.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.paypal.com *.googleadservices.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src 'self' epichttp:;script-src 'nonce-678851fa1ab44e81be8d5542430c6e0b' https://mijnolvg.nl 'self';img-src 'self' blob: data: https://www.mijnolvg.nl https://www.olvg.nl;style-src https://mijnolvg.nl 'self' 'unsafe-inline';form-action 'self'; 1 font-src *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src blob: https:; script-src 'self' *.google-analytics.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.twitter.com *.assets-yammer.com *.h5p.org h5p.org www.google.com *.instagram.com *.youtube.com *.issuu.com *.govt.nz *.ytimg.com *.gstatic.com *.jit.si *.jsdelivr.net 'unsafe-inline' 'unsafe-eval' data:;; font-src *.gstatic.com https: data:; style-src https: 'unsafe-inline'; img-src https: data:; worker-src blob:; media-src 'self' blob:; report-uri https://koawatealearn.co.nz/local/csp/collector.php 1 object-src 'none';base-uri 'self';script-src 'nonce-jVrEQcU6Q2moTai5_x3juQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.zappsusercontent.com https://*.zappsusercontent.eu https://*.zappsusercontent.in https://*.zappsusercontent.com.au https://*.zappsusercontent.com.cn https://*.localzappscontents.com https://*.zohostatic.com https://*.zoho.com https://h2js.zohocdn.com https://js.zohocdn.com https://desk.zoho.com https://salesiq.zoho.com https://js.zohostatic.com https://localjs.zohostatic.com https://media.twiliocdn.com/sdk/js/client/releases/1.7.7/twilio.min.js https://media.twiliocdn.com/sdk/js/client/v1.7/twilio.min.js https://cdn.pagesense.io https://pagesense-collect.zoho.com https://iplocation.zoho.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://dyjgaef5vuq51.cloudfront.net https://dtzpfzv31buvf.cloudfront.net https://d22czkv2r5ogmg.cloudfront.net https://d12h6dzwzn4m10.cloudfront.net https://d17nz991552y2g.cloudfront.net https://scripts.zohospotlight.com chrome-extension://* https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.localzohocdn.com https://js.stratuscdn.com https://cdn.pagesense.io https://zohotagmanager.cdn.pagesense.io https://static.zohocdn.com https://www.zohowebstatic.com/ https://scripts.zohospotlight.com https://widgets.zohosalesiq.com https://static.stratuscdn.com https://static.localzohocdn.com https://static.zohocdn.com.cn https://js.stripe.com https://connect.facebook.net; report-uri https://logsapi.zoho.com/csplog?service=crm 1 object-src 'none';base-uri 'self';script-src 'nonce-6b1Xa0ktMfDO_Fyxeta1Nw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 worker-src https://www.sakestore.nl https://dev.sakestore.nl blob:; font-src fonts.gstatic.com *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.alothemes.com *.magepow.com https://www.sakestore.nl https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com https://script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com uc8.tv *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ uc8.tv c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com *.doubleclick.net www.facebook.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com consentcdn.cookiebot.com consentcdn.cookiebot.eu connect.facebook.net graph.facebook.com business.facebook.com *.multisafepay.com https://pay.google.com https://www.sakestore.nl https://vars.hotjar.com https://nl.pinterest.com https://www.pinterest.com https://ct.pinterest.com https://www.youtube.com https://documents.riverty.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.myafterpay.com uc8.tv www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com *.alothemes.com *.magepow.com *.multisafepay.com https://www.sakestore.nl https://www.google.com https://www.google.nl https://www.googletagmanager.com https://script.hotjar.com https://ct.pinterest.com https://dev.visualwebsiteoptimizer.com https://cdn.myafterpay.com https://log.pinterest.com https://www.facebook.com https://scontent-ams4-1.cdninstagram.com https://scontent-amt2-1.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ uc8.tv https://cdn.myafterpay.com cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com consent.cookiebot.com consent.cookiebot.eu chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io *.alothemes.com *.magepow.com *.multisafepay.com https://pay.google.com https://www.sakestore.nl https://www.googletagmanager.com https://static.hotjar.com http://static.hotjar.com https://script.hotjar.com https://s.pinimg.com https://dev.visualwebsiteoptimizer.com https://www.smartsuppchat.com https://rec.smartlook.com https://widget-v2.smartsuppcdn.com https://widget-v3.smartsuppcdn.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net https://assets.pinterest.com https://maps.googleapis.com https://chimpstatic.com https://connect.facebook.net https://cdn.matomo.cloud http://172.17.0.2:15729 http://172.17.0.2:35729 http://127.0.0.1:35729 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.fontawesome.com *.alothemes.com *.magepow.com *.multisafepay.com https://www.sakestore.nl https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://widget-v3.smartsuppcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cdn.myafterpay.com https://documents.myafterpay.com/ https://documents.riverty.com/ https://www.afterpay.nl/ cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com consentcdn.cookiebot.com consentcdn.cookiebot.eu connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.multisafepay.com https://www.sakestore.nl https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net https://in.hotjar.com https://surveystats.hotjar.com https://surveystats.hotjar.io https://ct.pinterest.com https://bootstrap.smartsuppchat.com https://translations.smartsuppcdn.com https://widget-v2.smartsuppcdn.com https://widget-v3.smartsuppcdn.com wss://websocket-visitors.smartsupp.com https://websocket-visitors.smartsupp.com smartsupp.com *.smartsupp.com https://manager.smartlook.com https://web-writer.eu.smartlook.cloud https://bam.eu01.nr-data.net https://analytics.google.com https://graph.instagram.com https://sakestore.matomo.cloud http://172.17.0.2:35729 ws://172.17.0.2:35729 ws://127.0.0.1:35729 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com https://www.sakestore.nl https://dev.sakestore.nl http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.cleverreach.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de payments.amazon.de jsctool.com www.jsctool.com *.hotjar.com secure.pay1.de/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudfront.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://api.mapbox.com cdn.pay1.de x.klarnacdn.net 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com widgets.trustedshops.com mcstagingmedia.carou.com mcprodmedia.carou.com *.google.com www.google.com.ua ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com chimpstatic.com downloads.mailchimp.com *.list-manage.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io https://widgets.trustedshops.com https://integrations.etrusted.com *.hotjar.com widgets.trustedshops.com bam.nr-data.net js-agent.newrelic *.ratepay.com js-agent.newrelic.com s.pinimg.com analytics.tiktok.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com downloads.mailchimp.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com/ *.ratepay.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com payments.amazon.de d.ratepay.com jsctool.com autocomplete2.postdirekt.de t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com *.hotjar.com wss://*.hotjar.com/ bam.nr-data.net www.carou.com stats.g.doubleclick.net vc.hotjar.io ct.pinterest.com analytics.tiktok.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.zopim.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com *.sirv.com static.dhlparcel.nl static.sizebay.technology data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com www.google.com www.gstatic.com https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com magento-cloudflare.jetrails.com www.youtube.com www.googletagmanager.com web.facebook.com policy.app.cookieinformation.com *.sendcloud.sc *.jsdelivr.net *.weltpixel.com *.yotpo.com *.trustpilot.com *.wesupply.xyz static.addtoany.com bid.g.doubleclick.net consentcdn.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://at19.net https://bdt9.net https://ds1.nl https://dt51.net https://dt61.net https://fr135.net https://glp8.net https://jdt8.net https://jf79.net https://hs82.net https://lt45.net https://mt74.net https://ndt5.net https://rkn3.net ebizmarts-website.s3.amazonaws.com *.ytimg.com *.zopim.com *.zopim.io scontent.cdninstagram.com https://www.magezon.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com web.facebook.com maps.googleapis.com *.navipartner.dk t.raptorsmartadvisor.com *.amazonaws.com *.yotpo.com *.sirv.com *.youtube.com maps.gstatic.com *.gstatic.com www.google.mu www.google.com bat.bing.com scontent-cdt1-1.cdninstagram.com c.clarity.ms c.bing.com rrstatic.retailrocket.net www.google.nl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.google.com www.gstatic.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com *.retailrocket.net *.zopim.com *.zdassets.com static.addtoany.com *.avada.io widgets.pinterest.com www.reddit.com api.tumblr.com player.vimeo.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com maps.googleapis.com policy.app.cookieinformation.com *.sendcloud.sc *.jsdelivr.net *.yotpo.com *.sirv.com *.trustpilot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com instant.page d1pna5l3xsntoj.cloudfront.net www.clarity.ms v2.zopim.com browser-update.org static.zdassets.com static.cloudflareinsights.com www.dwin1.com bat.bing.com cdn.popt.in googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.cloudflare.com i.clarity.ms g.clarity.ms k.clarity.ms js-agent.newrelic.com bam-eu01.nr-data.net consent.cookiebot.com bam.eu01.nr-data.net static.dhlparcel.nl static.sizebay.technology vfr-v3-production.sizebay.technology script.hotjar.com static.hotjar.com https://yes.this.is.wrong 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.sendcloud.sc *.jsdelivr.net *.yotpo.com *.googleapis.com *.sirv.com tagmanager.google.com aryaboy.nl a.clarity.ms f.clarity.ms rrstatic.retailrocket.net static.dhlparcel.nl static.sizebay.technology vfr-v3-production.sizebay.technology www.wamdenim.com www.wamdenim.nl www.wamdenim.be www.wamdenim.de 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.sirv.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.adyen.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net *.zdassets.com *.zopim.com widget-mediator.zopim.com graph.instagram.com https://get.geojs.io *.avada.io stats.addtoany.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net policy.app.cookieinformation.com consent.app.cookieinformation.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com *.yotpo.com *.sirv.com vimeo.com https://www.google-analytics.com display.popt.in v2.zopim.com maxcdn.bootstrapcdn.com maps.googleapis.com f.clarity.ms www.google.com bam-eu01.nr-data.net b.clarity.ms bam.eu01.nr-data.net analytics.google.com wamdenim4982.zendesk.com wss://widget-mediator.zopim.com vfr-v3-production.sizebay.technology in.hotjar.com wss://wsp13.hotjar.com content.hotjar.io *.googlesyndication.com googleads.g.doubleclick.net www.google.nl 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.gstatic.com *.googleapis.com *.affirm.com *.affirm.ca ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.affirm.com *.affirm.ca chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googletagmanager.com *.facebook.net *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.googleapis.com *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.bing.com *.clarity.ms *.google.com *.google.pl cgraphics.imgix.net *.adsrvr.org *.hubspotusercontent00.net *.hubspot.net store.paradoxlabs.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.crazyegg.com *.bing.com *.clarity.ms *.steelhousemedia.com *.hsforms.net *.hsforms.com *.getambassador.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hubspotusercontent20.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.crazyegg.com *.clarity.ms *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'self' 'unsafe-inline'; child-src www.smarthomesounds.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.bing.com www.smarthomesounds.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; font-src themes.googleusercontent.com github.com fonts.gstatic.com www.smarthomesounds.co.uk fonts.googleapis.com www.paypalobjects.com use.typekit.net static.klaviyo.com storage.googleapis.com assets.reviews.io https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.sirv.com *.boldr.dev *.typekit.net d1azc1qln24ryf.cloudfront.net/40686/revsglobal-pr-mod/ d19ayerf5ehaab.cloudfront.net/css/product-widget/fonts/ media.flixcar.com/delivery/ media.flixfacts.com/ data: data: 'self' 'unsafe-inline'; base-uri customerreviews.google.com www.youtube.com www.amazon.com play.google.com fonts.googleapis.com widget.reviews.co.uk www.amazon.co.uk consent.google.com 'self' 'unsafe-inline'; worker-src blob: www.smarthomesounds.co.uk; media-src data: ssl.gstatic.com www.bing.com beacon-v2.helpscout.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.sirv.com code.jivosite.com/ beacon-v2.helpscout.net/ www.smarthomesounds.co.uk 'self' 'unsafe-inline'; style-src translate.googleapis.com use.typekit.net p.typekit.net fonts.googleapis.com widget.reviews.co.uk services.postcodeanywhere.co.uk www.gstatic.com www.smarthomesounds.co.uk www.paypalobjects.com angus.finance-calculator.co.uk assets.reviews.io www.googletagmanager.com https://fonts.googleapis.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.cloudfront.net *.reviews.io widget.reviews.co.uk/ *.sirv.com *.klaviyo.com *.typekit.net d19ayerf5ehaab.cloudfront.net/css/product-widget/ d1azc1qln24ryf.cloudfront.net/40686/revsglobal-pr-mod/ code.jivosite.com/ data: widget.reviews.co.uk/ platform.twitter.com/ ton.twimg.com/ cdn-images.mailchimp.com/embedcode/ k3v2w4q6.stackpathcdn.com/survey/ media.flixcar.com/delivery/ media.flixfacts.com/ 'self' 'unsafe-inline'; frame-ancestors www.smarthomesounds.co.uk 'self'; form-action secure.dekopay.com www.smarthomesounds.co.uk www.facebook.com apply.dekopay.com data: pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com connect.facebook.net graph.facebook.com *.reviews.io *.reviews.co.uk syndication.twitter.com/ platform.twitter.com/ www.facebook.com/tr/ 'self' 'unsafe-inline'; manifest-src www.smarthomesounds.co.uk 'self' 'unsafe-inline'; frame-src tpc.googlesyndication.com open.spotify.com m.facebook.com mailto: m.youtube.com www.google.com www.youtube.com m.media-amazon.com widget.trustpilot.com google.com www.googletagmanager.com www.facebook.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.youtube.com/embed/ *.youtube-nocookie.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com/ platform.twitter.com js.mollie.com *.reviews.io *.reviews.co.uk www.google.com/recaptcha/ platform.twitter.com/ syndication.twitter.com/ media.flixcar.com/ td.doubleclick.net www.smarthomesounds.co.uk 'self' 'unsafe-inline'; script-src tpc.googlesyndication.com googleads.g.doubleclick.net www.google-analytics.com static-eu.payments-amazon.com analytics.webgains.io beacon-v2.helpscout.net www.google.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.googletagmanager.com connect.facebook.net bat.bing.com static.klaviyo.com data: apis.google.com smart11249.pcapredict.com services.postcodeanywhere.co.uk www.smarthomesounds.co.uk www.googleadservices.com platform.twitter.com static-tracking.klaviyo.com widget.reviews.co.uk angus.finance-calculator.co.uk analytics.google.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com graph.facebook.com widget.usersnap.com resources.usersnap.com jquery.sellxed.com *.finance-calculator.co.uk *.dekopay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io twitter.com js.mollie.com https://cdnjs.cloudflare.com *.reviews.io widget.reviews.co.uk/ *.sirv.com player.vimeo.com *.klaviyo.com js.datadome.co *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ googleads.g.doubleclick.net/pagead/viewthroughconversion/ google.com/pagead/ *.usersnap.com chimpstatic.com downloads.mailchimp.com mc.us7.list-manage.com code.jivosite.com/ smart11249.pcapredict.com/js/sensor.js platform.twitter.com/ cdn.syndication.twimg.com qeryz.com/survey/ script.crazyegg.com js-agent.newrelic.com bam.nr-data.net media.flixcar.com/delivery/ media.flixfacts.com/js/ prod.flixgvid.flix360.io/ *.clarity.ms api.webgains.io 'self' 'unsafe-inline' 'unsafe-eval'; connect-src chatapi.helpscout.net www.google.com ws-helpscout.pusher.com www.googletagmanager.com sockjs-helpscout.pusher.com translate.googleapis.com properties: region1.analytics.google.com www.google.co.uk analytics.google.com translate.google.com fonts.googleapis.com use.typekit.net payments-eu.amazon.com www.google.cz static-eu.payments-amazon.com csp.withgoogle.com code.jquery.com www.smarthomesounds.co.uk api-cache.reviews.co.uk www.google.ro data: region1.google-analytics.com wedata.net p.typekit.net fonts.gstatic.com www.google-analytics.com insights.algolia.io pagead2.googlesyndication.com www.bing.com www.google.com.gt www.google.com.gh www.facebook.com www.google.com.mm q.clarity.ms www.google.lt www.google.com.br www.google.it bat.bing.com o268291.ingest.sentry.io www.google.com.ng www.google.nl www.google.fi www.google.com.au www.google.de www.google.com.pk www.google.be www.google.com.eg www.google.sk www.google.dk www.google.ca www.google.fr www.google.ch www.google.ee www.google.com.my www.google.es www.google.bg www.google.com.sg www.google.com.vn www.google.se www.google.pt www.google.pl www.google.ie www.google.com.cy www.google.com.sa www.google.com.ph www.google.com.tw www.google.no www.google.lk www.google.is www.google.hu www.google.rs www.google.com.hk www.google.com.lb www.google.hr www.google.je www.google.gr www.google.si www.google.im www.google.lv www.google.ge www.google.sn www.google.iq www.google.jo www.google.tt www.google.so www.google.md www.google.bs www.google.lu www.google.sc www.google.by www.google.ba www.google.kg www.google.ru www.google.com.pg www.google.cv services.postcodeanywhere.co.uk www.google.mk www.google.kz www.google.hn www.google.gg www.google.la www.google.dz www.google.tn www.google.mu www.google.mg www.googleadservices.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com connect.facebook.net graph.facebook.com widget.usersnap.com *.amazonaws.com *.finance-calculator.co.uk *.dekopay.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.cloudfront.net *.reviews.io *.reviews.co.uk *.sirv.com *.klaviyo.com api-js.datadome.co *.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ widget.reviews.co.uk/ api-cache.reviews.co.uk/ api.reviews.co.uk/ *.jivosite.com/ qeryz.com/survey/ script.crazyegg.com/ tracking.crazyegg.com/ d3hb14vkzrxvla.cloudfront.net/v1/ beaconapi.helpscout.net/v1/ bam.nr-data.net/events/ facebook.com/tr/ *.clarity.ms endpoint1.collection.us2.sumologic.com api.webgains.io 'self' 'unsafe-inline'; img-src www.google.it www.google.ch www.google.ca www.google.de www.google.com.sg www.gstatic.com www.google.je www.google.se www.google.com www.google.com.ph www.google.com.hk www.google.fr www.google.pl www.google.es www.google.ie www.google.com.eg smarthomesounds.sirv.com www.google.com.vn www.google.dk region1.google-analytics.com www.google.no www.google.si googleads.g.doubleclick.net www.google.com.mx www.google.be www.google.cz www.google.lt chatapi-prod.s3.amazonaws.com www.google.com.gh www.google.rs www.google.com.pr www.google.com.br www.google.hu www.google.ro www.google.com.cy www.google.com.pe www.google.pt www.google.sk translate.google.com www.google.com.co www.google.ee www.google.bg www.google.com.qa www.google.hr www.google.com.au www.google.com.ng www.google.com.jm www.google.com.tr www.google.gr translate.googleapis.com www.google.tn www.google.fi ssl.google-analytics.com www.google.com.ar www.google.la www.google.com.my www.google.mn www.google.com.pk www.google.is www.google.lv www.google.com.np www.google.com.mm www.google.com.kh www.google.sh www.google.ba www.google.com.bd www.google.md www.google.bj www.google.com.sa www.google.dz www.google.com.gt www.google.lu www.google.tt www.google.com.ua www.google.com.bh www.google.lk www.google.com.tw assets.reviews.io www.facebook.com m.media-amazon.com www.google.com.mt www.google.im www.google.so www.google.me storage.googleapis.com www.google.gg www.google.kz www.google.mk www.google.ge www.google.com.bn www.google.com.gi www.google.com.kw www.google.com.et www.google.rw www.google.bt www.google.com.om www.google.gm pagead2.googlesyndication.com www.google.com.lb www.google.hn www.google.com.na www.google.vg www.google.ht www.google.mu file: www.google.com.uy bat.bing.com www.google.com.ec www.google.bs www.google.co.uk www.google.sn www.google.com.do www.google.com.pg blob: www.google.com.bo www.google.com.bz www.google.com.af www.google.com.ag www.google.com.pa www.google.iq www.google.com.fj www.google.li www.google.com.py www.google.tg www.google.ms www.google.gy www.google.jo www.google.gl www.google.mv sozodesign.co.uk www.google.by www.google.bf www.google.ru cdn-images.mailchimp.com www.google.com.sv www.paypalobjects.com www.google.sr www.google.mw www.google.com.ni www.google.com.cu www.google.com.sl log.pinterest.com www.google.com.ly www.google.cv www.google.cd www.google.cg www.google.com.ai www.google.ps www.google.tm img.youtube.com www.google.sc www.google.bi www.google-analytics.com www.google.kg www.google.dm www.youtube.com www.google.ga www.google.mg www.smarthomesounds.co.uk apply.dekopay.com www.google.com.vc cdn.simplycodes.com www.google.st fonts.gstatic.com www.google.vu www.google.com.tj www.google.sm www.bing.com www.google.to www.google.ws media.reviews.co.uk www.google.com.sb c.clarity.ms www.google.ne www.google.tl payments.amazon.co.uk s3.amazonaws.com www.google.ml use.typekit.net tpc.googlesyndication.com beacon-v2.helpscout.net region1.analytics.google.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn2.gstatic.com widgets.magentocommerce.com data: www.googleadservices.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com i.ytimg.com/ d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com connect.facebook.net graph.facebook.com www.gravatar.com validate.fishpig.co.uk *.finance-calculator.co.uk *.dekopay.com 'self' data: https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ pinterest.com assets.pinterest.com syndication.twitter.com https://www.mollie.com *.cloudfront.net assets.reviews.io/img/ *.reviews.co.uk *.sirv.com *.youtube.com stats.g.doubleclick.net www.google.com/ads/ga-audiences www.google.co.uk/ads/ga-audiences www.google.co.uk/pagead/ www.google.nl/ads/ga-audiences www.google.nl/pagead/ s.ytimg.com data: *.smarthomesounds.co.uk data: *.sozowebdesign.com www.gravatar.com/ media.reviews.co.uk/ files.jivosite.com/ d23yuld0pofhhw.cloudfront.net/default/uk/ d23yuld0pofhhw.cloudfront.net/uk/live/en_gb/ platform.twitter.com/ syndication.twitter.com/ abs.twimg.com/ pbs.twimg.com/ ton.twimg.com/ c.bing.com smarthomesounds.co.uk api.ecologi.com/badges/ d3np41mctoibfu.cloudfront.net/p/images/ https://rt.flix360.com/ media.flixcar.com/ assets-jpcust.jwpsrv.com/ media.flixfacts.com/ *.clarity.ms data: 'self' 'unsafe-inline';report-uri https://www.smarthomesounds.co.uk/fl32csp/report/; 1 object-src 'none';base-uri 'self';script-src 'nonce-54KUnpyhSIzTg4Ceggxmhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * ; style-src * 'unsafe-inline'; media-src * data:; report-uri https://www.blickle.com:9000/registercsp2; report-to cspreport; 1 font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://cloudfront.s-a-g.fr/ https://www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cloudfront.s-a-g.fr/ *.google.com *.gstatic.com *.avada.io maps.googleapis.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/StratoZone/4.15; 1 object-src 'none'; form-action 'self'; frame-ancestors 'self'; 1 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.gstatic.com *.nagich.co.il *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com gateway20.pelecard.biz *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.google.com *.facebook.com *.googleapis.com *.cloudfront.net paypal.com paypalobjects.com *.paypal.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.jp *.ssl-images-amazon.co.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.nagich.co.il gateway20.pelecard.biz *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com tagmanager.google.com https://www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.newrelic.com *.nr-data.net *.googleapis.com *.cloudfront.net paypal.com paypalobjects.com widgets.magentocommerce.com *.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.jp *.ssl-images-amazon.co.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.gstatic.com jquery.sellxed.com *.vimeo.com youtube.com *.nagich.co.il www.google.com 'unsafe-eval' data: connect.facebook.net *.doubleclick.net system.user-a.co.il *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com gateway20.pelecard.biz *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com fonts.googleapis.com/ *.nagich.co.il cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google-analytics.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.nr-data.net *.doubleclick.net *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.eewosecure.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.addthis.com *.demdex.net *.authorize.net *.paypal.com *.google.com *.facebook.com *.facebook.net *.vimeo.com *.youtube-nocookie.com *.braintreegateway.com *.kaptcha.com *.yotpo.com *.eewosecure.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.paypal.com *.google.com *.youtube.com https://s.ytimg.com *.instagram.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.addthis.com *.addthisedge.com *.adobedtm.com *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.cloudflare.com *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.gstatic.com *.moatads.com *.paypal.com *.paypalobjects.com *.trustedshops.com *.usercentrics.eu *.instagram.com *.vimeo.com *.yotpo.com youtube.com *.facebook.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline *.cloudflare.com *.typekit.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://fonts.googleapis.com https://fonts.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.vimeo.com *.youtube.com *.google.com *.moatads.com *.paypal.com *.braintreegateway.com *.addthis.com *.cardinalcommerce.com *.paypalobjects.com *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.amazonservices.de *.google-analytics.com *.googleapis.com *.gstatic.com *.yotpo.com *.instagram.com *.cdninstagram.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.sudameapteek.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: www.facebook.com https://connect.facebook.net graph.facebook.com business.facebook.com public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com rx.sudameapteek.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.sudameapteek.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.sudameapteek.ee http: https: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.net *.facebook.com https://plumrocket.com amc.demdex.net www.facebook.com web.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io maps.googleapis.com maps.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.gstatic.com *.facebook.net connect.facebook.net www.google.com www.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com maps.googleapis.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Cz9BqxLJj4t6Virk4DQXgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.kueskipay.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com *.kueskipay.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.kueskipay.com *.google.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com js.braintreegateway.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.conekta.io conektaapi.s3.amazonaws.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.kueskipay.com *.googletagmanager.com *.mxpnl.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es api.conekta.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com *.kueskipay.com *.doubleclick.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none'; script-src 'self' 'unsafe-eval' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; script-src-attr 'self'; script-src-elem 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net assets.pinterest.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com maps.googleapis.com platform.instagram.com platform.twitter.com; style-src 'self' fonts.googleapis translate.google.com translate.googleapis.com translate-pa.googleapis.com *.gstatic.com siteimproveanalytics.com *.siteimprove.com svc.webspellchecker.net js-agent.newrelic.com bam.nr-data.net fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'none'; connect-src 'self' wss://ws.goftino.com wss://ws2.goftino.com https://audience.yektanet.com https://*.google-analytics.com https://ua.yektanet.com; font-src 'self' https://cdn.goftino.com; img-src 'self' blob: data: www.googletagmanager.com https://www.google-analytics.com https://cdn.goftino.com; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.yektanet.com https://cdn.goftino.com https://www.goftino.com; style-src 'self' 'unsafe-inline' https://cdn.goftino.com ; base-uri 'self'; form-action 'self'; media-src https://cdn.goftino.com; frame-src 'self'; 1 font-src *.anyday.io *.fontawesome.com *.klarnacdn.net maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.anyday.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com *.klarna.com *.addthis.com *.facebook.com *.twitter.com www.searchanise.com *.searchserverapi.com *.wesupply.xyz https://wesupplylabs.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://d1pna5l3xsntoj.cloudfront.net *.anyday.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaevt.com *.klarnacdn.net *.addthisedge.com *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com maps.gstatic.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://core.helloretail.com https://d1pna5l3xsntoj.cloudfront.net *.anyday.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarna.com *.klarnaservices.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twimg.com maps.googleapis.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://d1pna5l3xsntoj.cloudfront.net *.anyday.io *.fontawesome.com https://static.klaviyo.com *.klarnacdn.net maxcdn.bootstrapcdn.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://core.helloretail.com *.anyday.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klarnaevt.com *.klarnaservices.com api.amplitude.com stats.g.doubleclick.net *.trustedshops.com *.etrusted.com https://integrations.etrusted.site https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.klarnacdn.net static.lipscore.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.googletagmanager.com *.klarna.com *.socialboards.com *.cookiebot.com *.youtube.com *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io *.klarna.com *.klarnaevt.com *.klarnacdn.net static.lipscore.com blob: img.youtube.com *.ateles.se *.atelesaws.net *.bondekompaniet.no cdn.klarna.com 'self' data: 'unsafe-inline' data: *.cookiebot.com *.facebook.net *.facebook.com *.google.com bat.bing.com googleads.g.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com polyfill.io *.klarna.com *.klarnacdn.net *.klarnaservices.com static.lipscore.com *.socialboards.com *.newrelic.com *.nr-data.net *.cookiebot.com *.facebook.net bat.bing.com *.google.com *.google.se 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net static.lipscore.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.ateles.se *.atelesaws.net *.bondekompaniet.no 'self' data: 'unsafe-inline' data: *.cookiebot.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com wapi.lipscore.com users.lipscore.com *.ateles.se *.atelesaws.net *.socialboards.com *.bondekompaniet.no *.google-analytics.com *.google.com *.nr-data.net *.cookiebot.com *.g.doubleclick.net bat.bing.com *.facebook.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.atelesaws.net *.socialboards.com *.bondekompaniet.no *.klarna.com *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com 'unsafe-inline' data: https://* maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com *.prediggo.net *.prediggo.io https://* c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.prediggo.net *.prediggo.io https://* www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ tagmanager.google.com https://www.googletagmanager.com jquery.sellxed.com *.plugins.emarsys.net *.scarabresearch.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.prediggo.net *.prediggo.io *.avada.io 'unsafe-inline' data: https://* js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'unsafe-inline' data: https://* maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google-analytics.com *.scarabresearch.com *.eservice.emarsys.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.prediggo.net *.prediggo.io https://get.geojs.io *.avada.io https://* api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://aeschbach.com/; report-to report-endpoint; 1 default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1 object-src 'none'; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self' 1 font-src *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.hotjar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: *.xsmanguasjad.ee *.google.com *.google.lv *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://wt.soundestlink.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.newrelic.com *.hotjar.com *.doubleclick.net *.googletagmanager.com *.nr-data.net *.zdassets.com *.klevu.com *.ksearchnet.com https://omnisnippet1.com https://forms.soundestlink.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.klevu.com *.ksearchnet.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.hotjar.com *.doubleclick.net *.nr-data.net *.zdassets.com *.zendesk.com *.zopim.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ www.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://static.buckaroo.nl validate.fishpig.co.uk ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io connect.facebook.net twitter.com platform.twitter.com *.googletagmanager.com tagmanager.google.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.hyperstack.nl https://get.geojs.io *.avada.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-m4wHh/zC5Z/qEtcxTF0u+g==' 1 default-src 'self' https://www.google-analytics.com; child-src 'self'; object-src 'self'; style-src 'unsafe-eval' 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' *; manifest-src 'self'; form-action 'self'; block-all-mixed-content; 1 report-uri https://www.sharemoney.com/csplog.do; default-src 'self' 'unsafe-inline' 'unsafe-eval' js2ios: data: blob: https://*.osano.com https://*.googleapis.com https://*.jsdelivr.net https://*.cloudflare.com https://*.bootstrapcdn.com https://*.gstatic.com https://*.fontawesome.com https://*.googletagmanager.com https://*.google.com https://*.krxd.net https://*.googleadservices.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.freshchat.com https://*.taboola.com https://*.ensighten.com https://*.google-analytics.com https://*.adsrvr.org https://*.cloudfront.net https://fasttiger.io https://*.kaptcha.com https://*.maxmind.com https://*.mmapiws.com https://*.googlesyndication.com https://*.twitter.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.intentiq.com https://*.tsdtocl.com https://tsdtocl.com https://*.onfido.com https://*.sentry.io https://*.trustpilot.com; img-src * data: blob:; 1 object-src 'none';base-uri 'self';script-src 'nonce-_87tD5GK-dS1T6tQLS3bpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com www.lochfynewhiskies.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.scarabresearch.com *.emarsys.net *.luigisbox.com *.freshrelevance.com *.termly.io *.feefo.com www.lochfynewhiskies.com 'self' 'unsafe-inline'; frame-ancestors www.lochfynewhiskies.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.scarabresearch.com *.emarsys.net *.luigisbox.com *.freshrelevance.com *.termly.io *.feefo.com *.mention-me.com www.lochfynewhiskies.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com maps.googleapis.com *.scarabresearch.com *.emarsys.net *.luigisbox.com *.freshrelevance.com *.termly.io *.feefo.com www.lochfynewhiskies.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com maps.googleapis.com *.scarabresearch.com *.emarsys.net *.luigisbox.com *.freshrelevance.com *.termly.io *.feefo.com s7.addthis.com *.avada.io *.mention-me.com www.lochfynewhiskies.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.luigisbox.com *.freshrelevance.com *.feefo.com *.fontawesome.com www.lochfynewhiskies.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.lochfynewhiskies.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com maps.googleapis.com *.scarabresearch.com *.emarsys.net *.luigisbox.com *.freshrelevance.com wss://am.freshrelevance.com *.termly.io *.feefo.com ekr.zdassets.com/ *.mention-me.com t.elasticsuite.io www.lochfynewhiskies.com 'self' 'unsafe-inline'; child-src www.lochfynewhiskies.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.lochfynewhiskies.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-ziv8fqecs5T1YhLX9Y0vIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src 'self' data: js.klevu.com fonts.gstatic.com *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de 'self' www.google.com 'self' *.affirm.com 'self' *.vimeo.com 'self' *.sharethis.mgr.consensu.org 'self' *.sharethis.com drive.google.com *.wufoo.com *.paypal.com *.braintreegateway.com *.dnky.co *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com hello.zonos.com js.klevu.com *.paypal.com cdn.datamanager.arinet.com *.trackedlink.net *.klevu.com *.ksearchnet.com *.narvar.com *.narvar.qa www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de chimpstatic.com *.adroll.com *.adroll.mgr.consensu.org *.facebook.net *.affirm.com *.gstatic.com www.google.com *.sharethis.com *.wufoo.com *.linkedin.com *.licdn.com js.klevu.com hello.zonos.com cdn.iglobalstores.com assets.shipperhq.com *.paypal.com *.trackedlink.net *.dnky.co js-agent.newrelic.com bam.nr-data.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com 'self' *.sharethis.com *.licdn.com js.klevu.com assets.shipperhq.com fonts.googleapis.com *.dnky.co cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com *.ksearchnet.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.narvar.com *.narvar.qa 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.affirm.com *.adroll.com *.doubleclick.net 'self' *.sharethis.com hello.zonos.com rms.shipperhq.com wss://rms.shipperhq.com *.braintree-api.com *.paypal.com *.braintreegateway.com *.dotdigital.com *.ksearchnet.com bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klevu.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com ovs.shipperhq.com wss://rms.shipperhq.com/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.example.com/; report-to report-endpoint; 1 font-src *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com 'self' data: *.typekit.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de www.facebook.com platform.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com flagpedia.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com media.sezzle.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net connect.facebook.net twitter.com platform.twitter.com maps.googleapis.com https://player.vimeo.com https://www.youtube.com *.authorize.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in www.xtento.com cdn.xtento.com d1qfms639rfa0y.cloudfront.net https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com *.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.typekit.net *.sezzle.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ *.google-analytics.com *.google.com www.gstatic.com maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.sezzle.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.multisafepay.com https://pay.google.com *.addthis.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * self 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.multisafepay.com *.gstatic.com https://www.magezon.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: self secure.adnxs.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.multisafepay.com https://pay.google.com https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com app.aiden.cx ar.configwise.io *.criteo.com *.criteo.net *.google-analytics.com *.googletagmanager.com static.widget.trengo.eu *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.multisafepay.com tagmanager.google.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com fonts.google.com 'self' 'unsafe-inline'; object-src none 'self' 'unsafe-inline'; media-src *.adobe.com self 'self' 'unsafe-inline'; manifest-src self 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.multisafepay.com https://www.google-analytics.com ekr.zdassets.com/ *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com ar.configwise.io *.googleapis.com api.widget.trengo.eu *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com self 'self' 'unsafe-inline' 'unsafe-eval'; base-uri self 'self' 'unsafe-inline'; 1 font-src *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.weltpixel.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.google.com.ua https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.gstatic.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.google.com/ ajax.googleapis.com *.instagram.com maps.googleapis.com iijarszw.eug.stape.io https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.gstatic.com https://static.klaviyo.com *.googleapis.com *.googletagmanager.com maxcdn.bootstrapcdn.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.google.com *.doubleclick.net *.googlesyndication.com *.instagram.com *.googleusercontent.com iijarszw.eug.stape.io https: 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com fonts.googleapis.com *.googleapis.com https://www.google.com https://www.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.google.com *.youtube.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.google.com *.youtube.com maps.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com maps.googleapis.com lightwidget.com *.maps.gstatic.com *.wesupply.xyz *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.addthisedge.com *.twitter.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com s7.addthis.com *.addthis.com *.moatads.com *.facebook.com *.googleapis.com *.placeholder.com *.maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io * assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com maps.googleapis.com cdn.lightwidget.com *.instagram.com *.cdninstagram.com s7.addthis.com *.placeholder.com *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com maps.googleapis.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com facebook.net *.maps.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.hotjar.com *.orbitvu.co *.adyen.com *.app-us1.com fonts.gstatic.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.googleapis.com *.facebook.com *.app-us1.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com *.hotjar.com *.belco.io *.facebook.com *.app-us1.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.adyen.com https://images.unsplash.com *.googleapis.com *.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.google.nl *.doubleclick.net *.orbitvu.co orbitvu.co blob: amazonaws.com *.app-us1.com *.hubspot.com *.bing.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com www.google-analytics.com *.facebook.com *.facebook.net *.hotjar.com *.belco.io *.createsend1.com *.orbitvu.co orbitvu.co www.google.com *.gstatic.com *.googleadservices.com *.doubleclick.net *.app-us1.com *.hs-scripts.com *.hscollectedforms.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.com *.hs-analytics.net *.bing.com *.googletagmanager.com tagmanager.google.com *.hsforms.net *.hsforms.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.orbitvu.co *.adyen.com *.app-us1.com *.bing.com tagmanager.google.com fonts.google.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.googleapis.com *.belco.io *.adyen.com *.app-us1.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.googleapis.com *.belco.io wss://*.belco.io *.orbitvu.cloud *.app-us1.com www.google-analytics.com *.doubleclick.net *.google.com *.hotjar.com *.hotjar.io *.hubspot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com 'self' data: *.cloudflare.com *.bootstrapcdn.com *.twitter.com *.typekit.net *.easypack24.net *.google.pl *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ secure.payu.com merch-prod.snd.payu.com *.ceneo.pl *.dpd.com.pl *.cookiebot.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.gstatic.com https://ssl.ceneo.pl http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ static.payu.com 'self' data: *.amazonaws.com *.imgur.com *.ekomiapps.de *.tile.osm.org *.cloudflare.com *.githubusercontent.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.facebook.com *.magentocommerce.com *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.sysadvisors.pl *.google.pl *.google.com *.cookiebot.com/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apis.google.com *.gstatic.com https://ssl.ceneo.pl http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io https://cdnjs.cloudflare.com *.payu.com secure.snd.payu.com *.google.pl *.ekomiapps.de *.hotjar.com *.sysadvisors.pl *.magentocommerce.com *.braintreegateway.com *.githubusercontent.com *.paypall.com *.cardinalcommerce.com *.authorize.net *.salesmanago.pl *.salesmanago.com *.salesmanago.es *.googletagmanager.com *.facebook.net *.facebook.com *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.trustedshops.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com graph.facebook.com *.ekomiapss.de *.easypack24.net *.allekurier.pl *.google.com *.cookiebot.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.ekomiapps.de *.sysadvisors.pl *.cloudflare.com *.bootstrapcdn.com *.ekomiapss.de *.easypack24.net *.google.pl *.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io secure.payu.com merch-prod.snd.payu.com t.elasticsuite.io *.google-analytics.com *.ekomiapps.de *.cloudflare.com *.tile.osm.org *.openstreetmap.org *.twitter.com *.paypal.com *.sysadvisors.pl *.salesmanago.pl *.googleadservices.com *.google.pl *.google.com *.googlesyndication.com/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.openstreetmap.org *.paypal.com *.google.pl *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /zsteam_csp; report-to report-endpoint; 1 font-src https://www.gstatic.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self' *.maksekeskus.ee *.test.maksekeskus.ee 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ https://www.google.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://accounts.google.com https://*.google.com https://*.hotjar.com https://vars.hotjar.com https://www.facebook.com https://*.criteo.com https://gum.criteo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.maksekeskus.ee *.test.maksekeskus.ee public.montonio.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://www.facebook.com https://www.google.com https://www.google.ee https://www.google-analytics.com rx.upitech.ee data: http: https: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com https://www.google.com https://www.gstatic.com 'self' *.maksekeskus.ee *.test.maksekeskus.ee data: public.montonio.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net rx.upitech.ee http: https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com rx.upitech.ee http: https: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.ingest.sentry.io 'self' *.maksekeskus.ee *.test.maksekeskus.ee api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com https://stats.g.doubleclick.net rx.upitech.ee http: https: 'self' 'unsafe-inline'; child-src 'self' *.maksekeskus.ee *.test.maksekeskus.ee assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.youtube.com *.g.doubleclick.net *.facebook.com *.facebook.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.g.doubleclick.net *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://mas.astralweb.com.tw *.facebook.com *.facebook.net *.cloudflare.com *.ytimg.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.magentocommerce.com *.gstatic.com *.cloudfront.net *.google.com *.google.com.tw data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.cloudflare.com *.twitter.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.zdassets.com *.g.doubleclick.net *.facebook.com *.awoo.org *.tigerfly.tw *.awoo.com *.avada.io https://www.googletagmanager.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.zendesk.com *.zopim.com *.zdassets.com *.gstatic.com wss://widget-mediator.zopim.com *.cardinalcommerce.com *.awoo.org *.tigerfly.tw *.awoo.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.tw *.facebook.com *.facebook.net *.awoo.org *.tigerfly.tw *.awoo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com 3dsecure.garanti.com.tr *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com *.modirum.com www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com 3dsecure.garanti.com.tr https://cdn.polyfill.io https://browser.sentry-cdn.com s7.addthis.com *.avada.io www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.alternatifbank.com.tr *.akbank.com.tr *.asseco-see.com.tr *.bkm.com.tr *.card-plus.net *.crediteurope.ro *.denizbank.com *.e-tahsildar.com.tr *.est.com.tr *.fbwebpos.com *.garanti.com.tr *.halkbank.com.tr *.halkbank.mk *.ingbank.com.tr *.innova.com.tr *.inter-vpos.com.tr *.isbank.com.tr *.kombank.com *.kuveytturk.com.tr *.sanalakpos.com *.sekerbank.com.tr *.teb.com.tr *.turkiyefinans.com.tr *.vakifbank.com.tr *.yapikredi.com.tr *.ykb.com *.ziraatbank.com.tr *.iyzico.com *.iyzipay.com *.moka.com *.testmoka.com 3dsecure.garanti.com.tr https://*.ingest.sentry.io ekr.zdassets.com/ https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://*.gstatic.com *.googleapis.com *.gstatic.com data: https://client.crisp.chat *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com https://www.googletagmanager.com/ *.multisafepay.com https://pay.google.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://consent.cookiefirst.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.googleapis.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://image.crisp.chat ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.multisafepay.com https://www.google.es https://www.google.com https://artero.com/media https://*.vimeocdn.com https://i.ytimg.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com https://connect.facebook.net connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://client.crisp.chat chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io *.multisafepay.com https://pay.google.com cdn.scalapay.com b2c-cdn.scalapay.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.connectif.cloud https://www.smartsuppchat.com https://rec.smartlook.com https://widget-v2.smartsuppcdn.com https://cdn.scalapay.com https://consent.cookiefirst.com https://svht.tradedoubler.com https://datar.tradedoubler.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ unsafe-inline fonts.googleapis.com https://client.crisp.chat downloads.mailchimp.com *.fontawesome.com *.multisafepay.com https://consent.cookiefirst.com https://fonts.googleapis.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://client.crisp.chat wss://client.relay.crisp.chat https://plugins.crisp.chat http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io *.multisafepay.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://eu6-api.connectif.cloud https://web-writer.eu.smartlook.cloud https://assets-proxy.smartlook.cloud https://manager.smartlook.com/ https://bootstrap.smartsuppchat.com https://widget-v2.smartsuppcdn.com https://translations.smartsuppcdn.com wss://websocket-visitors.smartsupp.com https://consent.cookiefirst.com https://edge.cookiefirst.com https://datar.tradedoubler.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://plumrocket.com https://cache.addthiscdn.com/ *.hsforms.net *.hsforms.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.avada.io *.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.termsfeed.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr *.cloudflare.com *.typekit.net *.trustedshops.com *.fontawesome.com fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com youtu.be *.vimeo.com *.addthis.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.termsfeed.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com https://cdn.klarna.com *.paypal.com https://s.ytimg.com *.usercentrics.eu blob: 'self' data: data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.termsfeed.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.google-analytics.com *.trustedshops.com *.usercentrics.eu *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.termsfeed.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr downloads.mailchimp.com *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.termsfeed.com *.adobe.com *.adobedtm.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.facebook.com *.facebook.net *.atcb2b.gr *.cloudflare.com *.paypal.com ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://staging.atcb2b.gr/; report-to report-endpoint; 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.pagaleve.io *.pagaleve.com.br www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.pagaleve.com.br https://cdn.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.pagseguro.com.br *.pagaleve.com.br www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://viacep.com.br https://www.viacep.com.br http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://api.mundipagg.com https://api.pagar.me www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://cookie-cdn.cookiepro.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de content.holmbank.ee www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://www.google.com https://www.google.ee https://www.google-analytics.com https://www.facebook.com https://cookie-cdn.cookiepro.com https://*.cookiepro.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.google.com https://www.gstatic.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com unsafe-inline https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cookie-cdn.cookiepro.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://stats.g.doubleclick.net https://privacyportal.cookiepro.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.cloudflare.com *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.newrelic.com *.fontawesome.com *.alothemes.com *.magepow.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.massivespace.rocks *.adobedtm.com *.doubleclick.net *.youtube.com *.newrelic.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com *.massivespace.rocks *.iconify.design maps.googleapis.com unpkg.com *.demdex.net *.adobedtm.com *.doubleclick.net *.newrelic.com cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.google.com *.woxo.tech *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com validator.swagger.io camo.githubusercontent.com *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.youtube.com *.newrelic.com *.alothemes.com *.magepow.com *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com amcglobal.sc.omtrdc.net use.typekit.net commerce.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com *.adobedtm.com *.doubleclick.net *.youtube.com youtube.com *.newrelic.com cdn.dnky.co webchat.dotdigital.com *.alothemes.com *.magepow.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.woxo.tech *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.youtube.com *.newrelic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.alothemes.com *.magepow.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com performance.typekit.net commerce.adobe.net qa-api.magedevteam.com *.adobe.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.salesmanago.pl *.massivespace.rocks *.iconify.design cdn.mouseflow.com maps.googleapis.com unpkg.com *.adobedtm.com *.doubleclick.net *.youtube.com *.newrelic.com webchat.dotdigital.com *.alothemes.com *.magepow.com *.google-analytics.com analytics.google.com *.facebook.net *.cloudfunctions.net *.nr-data.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.cookielaw.org analytics.google.com *.facebook.net www.google.com.pe www.googletagmanager.com cdnjs.cloudflare.com *.clarity.ms stackpath.bootstrapcdn.com cdn.jsdelivr.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.googleapis.com *.facebook.com *.facebook.net *.gstatic.com *.cloudfront.net *.pizunalinens.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.facebook.net *.facebook.com *.wigzo.com *.webgains.io *.wigzopush.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'unsafe-inline' data: *.google.com *.facebook.net *.facebook.com *.razorpay.com *.paypal.com *.paypalobjects.com *.doubleclick.net *.googletagmanager.com *.wigzo.com *.webgains.io *.wigzopush.com api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.razorpay.com *.cloudfront.net *.google.com *.facebook.net *.facebook.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.googletagmanager.com *.google.co.in *.clarity.ms cdn.razorpay.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.gstatic.com *.google.com *.razorpay.com *.facebook.com *.facebook.net *.cloudfront.net *.googleadservices.com *.paypalobjects.com *.googletagmanager.com *.doubleclick.net *.clarity.ms *.pinimg.com *.zestmoney.in *.wigzo.com *.webgains.io *.wigzopush.com *.googleapis.com *.avada.io checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.bootstrapcdn.com *.cloudfare.com *.googleapis.com *.facebook.com *.facebook.net *.gstatic.com *.cloudfront.net *.wigzo.com *.google.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.facebook.net *.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudfront.net *.pizunalinens.com *.facebook.com *.facebook.net *.google-analytics.com *.doubleclick.net *.razorpay.com *.paypal.com *.clarity.ms *.webgains.io *.wigzopush.com wss://ray.wigzopush.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com https://oct8necdneu.azureedge.net https://widgets.trustedshops.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com https://sandbox.sequracdn.com https://live.sequracdn.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com https://sandbox.sequrapi.com https://live.sequrapi.com https://eu1-search.doofinder.com https://eu1-layer.doofinder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://sandbox.sequracdn.com https://live.sequracdn.com https://www.google.com https://www.google.es https://oct8necdneu.azureedge.net https://www.bazarelregalo.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.avada.io https://sandbox.sequracdn.com https://live.sequracdn.com http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://static-eu.oct8ne.com https://sandbox.sequrapi.com https://live.sequrapi.com https://eu1-search.doofinder.com https://app3.salesmanago.pl https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com http://media.flixcar.com https://cdn.doofinder.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://get.geojs.io *.avada.io https://sandbox.sequracdn.com https://live.sequracdn.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://vimeo.com https://frontal-eu.oct8ne.com https://js-agent.newrelic.com https://bam.nr-data.net https://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.bazaropolis.gr data: *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self' 'unsafe-inline'; frame-ancestors *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://widget.boxnow.gr *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net https://snapppt.com *.addsauce.com *.polyfill.io *.designer-images.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.bazaropolis.gr *.facebook.net *.facebook.com *.fbcdn.net *.google.gr *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com *.analytics.google.com *.google-analytics.com *.youtube.com *.vimeo.com *.tiktok.com *.doubleclick.net *.cloudflare.com *.twitter.com *.bootstrapcdn.com *.jsdelivr.net *.adman.gr *.list-manage.com https://chimpstatic.com *.moosend.com *.contactpigeon.com *.imgix.net *.polyfill.io *.designer-images.com https://snapppt.com *.addsauce.com *.m-pages.com *.pinimg.com *.pinterest.com *.stat-track.com *.livechatinc.com *.livechat-files.com *.yotpo.com *.typekit.net *.eortologio.net *.skroutz.gr *.bestprice.gr *.find.gr *.glami.gr *.linkwi.se *.paypal.com *.piraeusbank.gr *.eurocommerce.gr *.alphaecommerce.gr *.vivapayments.gr *.simplify.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.digitalup.gr/domain/endpoint; report-to report-endpoint; 1 font-src https://cdn.jsdelivr.net *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com assets.ottu.net *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de http://www.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.freshchat.com https://static.addtoany.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://bdfc-commerce-images-prod.s3.me-south-1.amazonaws.com https://bdfc.experiences.digital https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.freshchat.com *.freshworks.com https://js-agent.newrelic.com https://static.addtoany.com https://ipinfo.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.ottu.net assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.freshchat.com *.freshworks.com https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com *.fontawesome.com *.googleapis.com *.addtoany.com maxcdn.bootstrapcdn.com assets.ottu.net unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net api.magento.com commerce.adobe.io www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.freshworks.com https://bam.eu01.nr-data.net https://bam.nr-data.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://dpm.demdex.net pay.bdutyfree.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br webfonts.huggy.cloud data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com https://www.googletagmanager.com/ *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://assets.moip.com.br www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br ct.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.xtento.com cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com *.caravelx.com www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br www.casinhabonita.com.br bo-mvp.casinhabonita.com.br www.belametais.com.br bo-mvp.belametais.com.br www.google.com.br ct.pinterest.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com www.xtento.com cdn.xtento.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.mlstatic.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.pagseguro.com.br downloads.mailchimp.com *.list-manage.com js.huggy.chat s7.addthis.com *.avada.io https://chimpstatic.com www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br s.pinimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net downloads.mailchimp.com fonts.googleapis.com webfonts.huggy.cloud www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline'; object-src www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline'; manifest-src www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms connect.facebook.net *.datatrics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.mercadopago.com *.mercadolibre.com www.facebook.com graph.facebook.com business.facebook.com wss://ct-socket.huggy.app widget.huggy.io viacep.com.br ekr.zdassets.com/ https://get.geojs.io *.avada.io www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br analytics.google.com ct.pinterest.com 'self' 'unsafe-inline'; child-src www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br http: https: blob: 'self' 'unsafe-inline'; default-src www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.belametais.com.br www.casinhabonita.com.br www.casinhabela.com.br 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.facebook.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.googletagmanager.com *.google-analytics.com *.facebook.net *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com account.fetchify.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com *.gstatic.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com cc-cdn.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ *.google-analytics.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: *.tawk.to fonts.gstatic.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.hotjar.com maps.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.hotjar.com maps.googleapis.com *.trustedshops.com *.etrusted.com *.tawk.to cdn.jsdelivr.net https://widgets.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.trustedshops.com *.etrusted.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net https://widgets.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.tawk.to wss://*.tawk.to *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 facebook-src *.facebook.net *.facebook.com; doubleclick-src *.doubleclick.net; google-src *.google.it *.google.com; font-src https://*.gstatic.com fonts.gstatic.com https://widgets.trustedshops.com v2.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consentcdn.cookiebot.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://*.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.seisnet.it https://widgets.trustedshops.com https://widgets-qa.trustedshops.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com v2.zopim.com *.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de consent.cookiebot.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com consentcdn.cookiebot.com https://*.zopim.com https://*.zendesk.com static.zdassets.com zendesk-eu.my.sentry.io js-agent.newrelic.com bam.nr-data.net *.googleapis.com *.noibu.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com/ *.fonts.net fonts.googleapis.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.seisnet.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.plyr.io customerbomboogie.zendesk.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.google-analytics.com *.facebook.net ekr.zdassets.com wss://*.zopim.com wss://*.zendesk.com bam.nr-data.net consentcdn.cookiebot.com *.googleapis.com wss://*.noibu.com https://*.noibu.com https://region1.google-analytics.com https://pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.noibu.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.facebook.net *.adsrvr.org *.googleapis.com s.yimg.com *.doubleclick.net www.googletagmanager.com cdn.cookielaw.org analytics.google.com *.clarity.ms wabrahmasebajodelverano-prd.azurewebsites.net in.treasuredata.com *.mimecast.com trk.clinch.co cdn.treasuredata.com *.gstatic.com *.facebook.com sp.analytics.yahoo.com beacon.krxd.net cdn.krxd.net www.google.com.ar *.windows.net *.onetrust.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.gstatic.com 'self' data: stats.g.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com https://int-ecommerce.nexi.it/ecomm/XPayBuild/ *.klarnacdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com *.twitter.com *.addthis.com https://int-ecommerce.nexi.it/ https://hal9000.redintelligence.net/ https://ad4m.at/frame.html *.hotjar.com *.criteo.com *.klarna.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.bird.eu *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com https://ecommerce.nexi.it/ecomm/payment/img/visa.svg https://ecommerce.nexi.it/ecomm/payment/img/mastercard.svg https://ecommerce.nexi.it/ecomm/payment/img/logoNexiLarge.png https://ecommerce.nexi.it/ecomm/payment/img/maestro.svg https://form.jotform.com/ https://www.google.it/ https://as.ad4m.at/ad/ https://r.adserver01.de/rt/ *.taboola.com/ https://track.adform.net/ https://ads.creative-serving.com/ https://adservice.google.it/ https://secure.adnxs.com/ https://events.jotform.com/jsform/ *.favicon.ico https://cdn.jotfor.ms/assets/img/logo/logo-new@1x.png https://cdn.jotfor.ms/favicon.ico https://tr.outbrain.com/unifiedPixel https://criteo-partners.tremorhub.com/ https://contextual.media.net/ https://ad.360yield.com/ https://jadserve.postrelease.com https://simage2.pubmatic.com/ https://ib.adnxs.com/ https://pixel.rubiconproject.com/ https://rtb-csync.smartadserver.com/ https://criteo-sync.teads.tv/ https://eb2.3lift.com/ https://visitor.omnitagjs.com/ https://s.thebrighttag.com *.criteo.com/ *.analytics.yahoo.com/ https://beacon.krxd.net/ https://x.bidswitch.net/ https://e1.emxdgt.com/ *.ads.yieldmo.com https://ad.yieldlab.net/ https://match.sharethrough.com/ https://sync.outbrain.com/ https://exchange.mediavine.com/ https://matching.ivitrack.com/ https://id5-sync.com *.klarna.com *.klarnaevt.com *.klarnacdn.net int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.nr-data.net js-agent.newrelic.com cdn.scalapay.com int-ecommerce.nexi.it form.jotform.com www.dwin1.com ad4m.at *.taboola.com *.hotjar.com *.outbrain.com static.criteo.net static.hotjar.com cdn.jotfor.ms dynamic.criteo.com *.smct.io *.smct.co https://smct.co/ *.iubenda.com hits-i.iubenda.com *.mainadv.com *.klarna.com *.klarnacdn.net ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com https://form.jotform.com/ *.jotfor.ms *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.nr-data.net https://int-ecommerce.nexi.it/ *.hotjar.com https://stats.g.doubleclick.net/j/collect *.criteo.com https://trc-events.taboola.com/1052370/log/3/unip https://firehose.eu-west-1.amazonaws.com https://hits-i.iubenda.com/write https://cognito-identity.eu-west-1.amazonaws.com/ https://tr.outbrain.com/ https://www.wepowerconnections.com/ *.klarnaevt.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://integration-5ojmyuq-zgzvw2kr4mr5m.eu-5.magentosite.cloud/italiano; report-to report-endpoint; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com *.hsforms.net *.hsforms.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://unpkg.com *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.hsforms.net *.hsforms.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline *.googleapis.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self' 'unsafe-inline'; font-src 'sha256-keF69NhAk6XfL4yR7tsZ+SeuNA+0Imei73OrJUBY+lU=' *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; frame-src https://connect.facebook.net/en_US/fbevents.js fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://plumrocket.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src pagead/1p-user-list/971745409/ ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-18538453-1&cid=1597756521.1673348298&jid=1920477836&_u=QACAAAAAAAAAAC~&z=681759532 /ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-18538453-1&cid=1597756521.1673348298&jid=1920477836&_u=QACAAAAAAAAAAC~&z=681759532 assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com https://redchamps.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; connect-src https://stats.g.doubleclick.net/j/collect https://region1.analytics.google.com/g/collect?v=2&tid=G-QZPNG1SQCN>m=45je38l0&_p=898921088&cid=1597756521.1673348298&ul=en-gb&sr=1920x1080&uaa=x86&uab=64&uafvl=Chromium%3B116.0.5845.97%7CNot)A%253BBrand%3B24.0.0.0%7CGoogle%2520Chrome%3B116.0.5845.97&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&_s=1&sid=1692691239&sct=34&seg=1&dl=https%3A%2F%2Fcampingrocks.bg%2F&dr=https%3A%2F%2Fcampingrocks.bg%2Fcheckout%2Fcart%2F&dt=%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D0%B8%D0%B7%D0%B8%D1%80%D0%B0%D0%BD%20%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%20%D0%B7%D0%B0%20%D0%BA%D1%8A%D0%BC%D0%BF%D0%B8%D0%BD%D0%B3%2C%20%D1%82%D1%83%D1%80%D0%B8%D1%81%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B0%20%D0%B8%20%D0%B7%D0%B8%D0%BC%D0%BD%D0%B0%20%D0%B5%D0%BA%D0%B8%D0%BF%D0%B8%D1%80%D0%BE%D0%B2%D0%BA%D0%B0%20%7C%20Campingrocks&en=page_view dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://*.ingest.sentry.io https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; script-src https://googleads.g.doubleclick.net/ assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.chimpstatic.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io https://www.googletagmanager.com tagmanager.google.com *.yotpo.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; 1 font-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com https://www.gstatic.com https://fonts.gstatic.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * cdn.dnky.co amc.demdex.net www.google.com youtube.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com www.google.co.in cannonhome.cl www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com maps.googleapis.com accounts.google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com unpkg.com wchat.freshchat.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ https://www.gstatic.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com fonts.googleapis.com wchat.freshchat.com www.gstatic.com unsafe-inline assets.braintreegateway.com *.googletagmanager.com *.cookielaw.org cdn.dnky.co 'self' 'unsafe-inline'; object-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline'; media-src *.adobe.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com stats.g.doubleclick.net videelect.icu regtech.sbs www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cookielaw.org api.comapi.com bam.nr-data.net 'self' 'unsafe-inline'; child-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.retailrocket.net *.embluemail.com stackpath.bootstrapcdn.com snapwidget.com widget.freshworks.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.googleapis.com *.gstatic.com www.openstreetmap.org secure.ogone.com *.youtube.com player.vimeo.com *.vimeocdn.com ; report-uri /WebResource.axd?cspReport=true; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.google-analytics.com translate.google.com *.readspeaker.com *.googleapis.com www.openlayers.org openlayers.org *.openstreetmap.org *.typekit.net www.googletagmanager.com centrada.ucsnet.nl; connect-src 'self' *.typekit.net *.google-analytics.com *.stats.g.doubleclick.net *.umbraco.org *.openstreetmap.org *.googleapis.com ws://centrada.nl matomoembraceklantportaal.azurewebsites.net; img-src 'self' *.umbraco.org umbraco.tv www.gravatar.com pbs.twimg.com cdn.jsdelivr.net *.typekit.net *.google-analytics.com placehold.it *.gstatic.com www.google.com translate.googleapis.com *.googleapis.com *.openstreetmap.org www.openlayers.org openlayers.org api.maptiler.com ; media-src 'self' ; font-src 'self' data: *.typekit.net *.gstatic.com ; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com www.openlayers.org openlayers.org www.gstatic.com ; frame-ancestors 'self' ; 1 font-src *.gstatic.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cetelem.es 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.avis-verifies.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.google.com/ *.youtube.com/ cdn.doofinder.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.googletagmanager.com/ *.cdn.cookielaw.org/ *.youtube.com/ cdn.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cetelem.es *.googleapis.com/ *.doofinder.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cetelem.es *.doofinder.com wss://*.doofinder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.hotjar.com *.typekit.net *.feedbackcompany.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.feedbackcompany.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.youtube-nocookie.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chatra.io *.hotjar.com *.facebook.com *.trustpilot.com *.kiyoh.com *.pinterest.com *.criteo.com *.cookiefirst.com *.weltpixel.com *.multisafepay.com https://pay.google.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com * *.feedbackcompany.com 'self' data: *.multisafepay.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.fontawesome.com *.elfsight.com *.chatra.io *.jsdelivr.net chimpstatic.com *.facebook.com *.doubleclick.net *.trustpilot.com s.pinimg.com *.zdassets.com *.google-analytics.com *.feedbackcompany.com *.facebook.net *.hotjar.com *.mailchimp.com *.curator.io *.typekit.net *.clarity.ms *.leadinfo.net *.criteo.com *.googleadservices.com *.cookiefirst.com www.gstatic.com s7.addthis.com *.multisafepay.com https://pay.google.com www.google.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com www.xtento.com cdn.xtento.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.mailchimp.com *.jsdelivr.net *.googleapis.com 'unsafe-inline' data: *.curator.io *.cookiefirst.com maxcdn.bootstrapcdn.com *.multisafepay.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com curatorio.s3.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com *.elfsight.com *.instacloud.io *.google-analytics.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io ct.pinterest.com *.paypal.com *.zdassets.com *.zendesk.com *.feedbackcompany.com *.curator.io *.clarity.ms *.leadinfo.net *.cookiefirst.com ekr.zdassets.com/ *.multisafepay.com analytics.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.gstatic.com maps.googleapis.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com cdn.scalapay.com b2c-cdn.scalapay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.algolia.net *.algolia.com *.algolianet.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com platform.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://cdn.clerk.io flagpedia.net pinterest.com assets.pinterest.com syndication.twitter.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://api.clerk.io https://cdn.clerk.io upstream.heidipay.com *.avada.io twitter.com platform.twitter.com tracking.trovaprezzi.it www.trovaprezzi.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://api.clerk.io https://cdn.clerk.io *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com upstream.heidipay.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.g.doubleclick.net https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.google.com *.google.com.ar *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.facebook.com blob: https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.g.doubleclick.net *.googlesyndication.com *.google.com.ar *.googleadservices.com *.googleapis.com *.nr-data.net *.facebook.net *.newrelic.com *.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googlesyndication.com *.g.doubleclick.net *.googleapis.com *.nr-data.net *.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://chaletmanager.report-uri.com/r/d/csp/reportOnly; 1 font-src *.gstatic.com data: maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.klarnacdn.net *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com *.zenaps.com *.fls.doubleclick.net *.klarna.com https://*.criteo.com https://*.mainadv.com https://*.hotjar.com https://sandbox.gestpay.net https://ecomm.sella.it https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.awin1.com *.zenaps.com https://maps.googleapis.com https://maps.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.cdninstagram.com https://*.google.com https://*.google.it https://*.criteo.com https://*.yahoo.com https://*.bidswitch.net https://*.doubleclick.net https://*.adnxs.com https://*.adscale.de https://*.omnitagjs.com https://*.casalemedia.com https://*.360yield.com https://*.media.net https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.yieldlab.net https://*.yieldmo.com https://*.smartclip.net https://*.tremorhub.com https://*.rlcdn.com https://*.elfsightcdn.com https://*.adform.net https://*.krxd.net https://www.drezzy.it ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com https://maps.googleapis.com https://maps.gstatic.com *.klarna.com *.klarnacdn.net https://*.criteo.com https://*.smartlook.com https://*.elfsight.com https://*.hotjar.com https://*.tiktok.com https://sandbox.gestpay.net https://ecomm.sella.it chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.gstatic.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://*.claytonitalia.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://the.sciencebehindecommerce.com https://maps.googleapis.com *.klarnaevt.com https://stats.g.doubleclick.net https://*.criteo.com https://*.smartlook.cloud https://*.elfsight.com https://*.hotjar.com https://*.tiktok.com https://*.google.com https://www.wepowerconnections.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.clickmayora.com maxcdn.bootstrapcdn.com *.googleapis.com clickmayora.com *.gstatic.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://script.hotjar.com https://fonts.gstatic.com https://use.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ ipinfo.io www.facebook.com platform.twitter.com https://vars.hotjar.com https://4914179.fls.doubleclick.net https://pixel.mathtag.com https://www.facebook.com https://bid.g.doubleclick.net https://www.paypal.com https://www.sandbox.paypal.com https://ssl.widgets.webengage.com https://zc2ab3220.webengage.co https://z2024bb90.webengage.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com https://www.google.com https://www.google.co.in https://ds0rwwup944qj.cloudfront.net https://www.googletagmanager.com https://www.facebook.com https://script.hotjar.com https://images.notifications-icommkt.com https://www.gstatic.com https://www.paypal.com https://www.sandbox.paypal.com https://www.e-compreahora.com https://connect.facebook.net https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://dgn3cmgewqdgl.cloudfront.net https://afiles.webengage.com https://maps.gstatic.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ ipinfo.io connect.facebook.net twitter.com platform.twitter.com https://d12zyq17vm1xwx.cloudfront.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://storage.cdn.braindw.com https://s.braindw.com https://www.paypal.com https://www.sandbox.paypal.com https://externalassets.icommarketing.com https://ssl.widgets.webengage.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://c.webengage.com https://static.zdassets.com https://bam.nr-data.net https://use.fontawesome.com https://maps.googleapis.com https://polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com 'self' 'unsafe-inline'; object-src ipinfo.io 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ipinfo.io https://s.braindw.com https://stats.g.doubleclick.net https://notifications-icommkt.com https://in.hotjar.com wss://ws14.hotjar.com https://script.crazyegg.com https://www.facebook.com https://bam-cell.nr-data.net https://www.google-analytics.com https://unileverbrazil.demdex.net https://surveystats.hotjar.io https://u.braindw.com https://track-icommkt.com https://gstatic.com https://vc.hotjar.io wss://ws12.hotjar.com wss://ws2.hotjar.com https://ws12.hotjar.com https://ws2.hotjar.com https://www.paypal.com https://www.sandbox.paypal.com https://p.braindw.com https://connect.facebook.net https://cdn.cookielaw.org https://c.webengage.com https://ekr.zdassets.com https://martech2364.zendesk.com https://bam.nr-data.net https://maps.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' construmarques.com.br *.construmarques.com.br construmarques.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com wss://signalr.fbits.net k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.egoi.site egoi.site *.e-goi.com *.btg360.com.br *.socialminer.com signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.azurewebsites.net *.blob.core.windows.net *.boletoflex.com samuraiexpertsstorage.blob.core.windows.net boletoflexhom.azurewebsites.net boletoflex.azurewebsites.net *.bflx.com.br *.google.com analytics.google.com *.g.doubleclick.net *.googleadservices.com *.com.au service.smarthint.co *.google.com.br *.fbits.store *.adyen.com ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.construmarques.com.br construmarques.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com cdnjs.cloudflare.com www.googletagmanager.com *.doubleclick.net analytics.google.com *.gstatic.com *.hotjar.com www.google.com.co cdn.polyfill.io *.facebook.net *.msecnd.net *.googleapis.com www.google.com www.google.com.br dc.services.visualstudio.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com 'self' data: *.skroutz.gr *.moosend.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.bing.com *.zdassets.com *.google.com *.google.gr use.typekit.net *.converse.com *.soundestlink.com *.pennie.gr *.googletagmanager.com *.adobe.com www.googleadservices.com www.google-analytics.com *.googleapis.com vimeo.com *.facebook.net *.doubleclick.net *.contactpigeon.com *.newrelic.com *.nr-data.net data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.google.gr *.facebook.com *.skroutz.gr *.zopim.com *.moosend.com *.cloudflare.com *.converse.com *.contactpigeon.com *.pennie.gr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co *.hotjar.com *.google.com *.trustpilot.com *.criteo.com *.skroutz.gr *.zopim.com *.moosend.com *.cloudflare.com *.google.gr *.sandbox.paypal.com *.twitter.com *.converse.com td.doubleclick.net *.soundestlink.com widget-v3.boxnow.gr *.contactpigeon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.gr *.google.com *.google.nl *.google.co.in connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com gallery.mailchimp.com *.trustedshops.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.skroutz.gr *.moosend.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.io *.doubleclick.net *.converse.com *.soundestlink.com *.mastercard.com https://trustmark.gr *.tiktok.com *.contactpigeon.com *.pennie.gr https://omnisnippet1.com https://wt.soundestlink.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytic.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com *.skroutz.gr *.moosend.com *.adobedtm.com *.cloudflare.com *.google.gr *.vimeo.com *.converse.com *.soundestlink.com 'self' data: *.tiktok.com *.pennie.gr *.doubleclick.net *.google-analytics.com *.contactpigeon.com https://trustmark.gr/badge/dist/index.js https://static.adman.gr/adman.js https://greca.adman.gr *.avada.io https://omnisnippet1.com https://forms.soundestlink.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.skroutz.gr *.zopim.com *.moosend.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.bing.com *.converse.com *.soundestlink.com *.googletagmanager.com www.googleadservices.com www.google-analytics.com vimeo.com *.pennie.gr *.facebook.net *.facebook.com *.doubleclick.net *.google-analytics.com *.contactpigeon.com *.newrelic.com *.nr-data.net *.hotjar.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.gr *.zopim.com *.skroutz.gr *.moosend.com *.cloudflare.com *.converse.com 'self' data: *.contactpigeon.com *.pennie.gr 'self' 'unsafe-inline'; manifest-src *.pennie.gr 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com *.facebook.com graph.facebook.com business.facebook.com *.google.gr *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net https://stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com *.skroutz.gr *.moosend.com *.cloudflare.com *.converse.com *.soundestlink.com *.googleadservices.com *.googleapis.com *.gstatic.com *.mastercard.com *.google.com *.googletagmanager.com *.tiktok.com *.contactpigeon.com *.pennie.gr https://googleads.g.doubleclick.net/ api.zevioo.com https://pagead2.googlesyndication.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net https://fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com/ *.doubleclick.net www.facebook.com *.twitter.com *.google.com *.addthis.com connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: maps.googleapis.com maps.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.cloudfront.net *.cdninstagram.com google.com google.ro *.google.ro *.coriolan.ro connect.facebook.net graph.facebook.com business.facebook.com https://www.magezon.com https://api.mapbox.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.cloudflare.com *.twitter.com googletagmanager.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.chimpstatic.com www.googleadsservices.com *.cardinalcommerce.com *.paypal.com *.zdassets.com connect.facebook.net business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.twitter.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com *.google.com *.trustpilot.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com profiles.coriolan.ro geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com google-analytics.com www.facebook.com *.facebook.net *.google.com *.cloudflare.com *.twitter.com *.paypal.com *.cardinalcommerce.com *.amazon.com *.yotpo.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonservices.com *.amazonservices.co.uk *.amazonservices.co.jp *.amazonservices.jp *.amazonservices.it *.amazonservices.fr *.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.stripe.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.playground.klarna.com *.coriolan.ro odoo.coriolan.ro:8443 profile.coriolan.ro *.doubleclick.net *.google-analytics.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com autocomplete2.postdirekt.de klarna.com *.klarnacdn.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.klarnacdn.net maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.klarna.com *.google.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.magezon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://api.mapbox.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.google.com/ ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.fontawesome.com *.klarnacdn.net maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io autocomplete2.postdirekt.de https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://www.paypalobjects.com 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.paytabs.com *.paytabs.sa 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.jsdelivr.net *.google.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.googletagmanager.com *.avada.io eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.equiti.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src https://*.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://www.googletagmanager.com/ js.mollie.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://belco-prod.s3-eu-central-1.amazonaws.com *.curopayments.net https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.magezon.com https://www.mollie.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.belco.io polyfill.io *.googleoptimize.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io js.mollie.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://*.googleapis.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com wss://chat.belco.io https://cdn.belco.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://*.ingest.sentry.io https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.sagepay.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.sagepay.com *.google.com/ https://www.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://www.magezon.com https://redchamps.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.sagepay.com *.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sagepay.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 frame-ancestors 'none'; report-uri https://endpoint3.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV30Tj5vtZfuZ0tYPfqb8xOSxI9TJ5CbQ_ZE4W4aGoGW8HViqViD0nttCcDqHOZNNhObvJtSbYn1XDP7uSjlITCzSLlNsuSdwZ46El5dcVC6kg== 1 font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com https://geowidget.easypack24.net 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.klarna.com https://www.googletagmanager.com/ *.packeta.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ consentcdn.cookiebot.com *.facebook.com web.facebook.com trustmate.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io platnosci.bm.pl www.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org 'self' data: *.facebook.com/ *.google.pl bat.bing.com cdn.klarna.com *.analytics.google.com *.googleapis.com *.mapbox.com trustmate.io cdn.trustmate.io *.facebook.com www.google.pl *.wp.pl data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cards-accept.bm.pl cards.bm.pl pay.google.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.packeta.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.google.com *.gstatic.com www.googletagmanager.com d3bo67muzbfgtl.cloudfront.net consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net bat.bing.com clarity.ms static.payu.com nominatim.openstreetmap.org cdngazeta.pl gazeta.pl google.pl mail.desportivo.pl ga.getresponse.com us-an.gr-cdn.com popups1-show.getresponse.com us-wbe.gr-cdn.com *.recostream.com trustmate.io trustmate.tech ga2.getresponse.com mail.desportivo.pl/de/rocz/sk wbe1.getresponse.com mail.desportivo.de mail.desportivo.ro mail.desportivo.cz mail.desportivo.sk recostream.com js-agent.newrelic.com/ *.wp.pl wp.pl pixel.wp.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.gstatic.com secure.przelewy24.pl static.payu.com trustmate.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.packeta.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org t.elasticsuite.io *.google-analytics.com api.edrone.me stream.cloud.witbee.com j.clarity.ms google.pl *.analytics.google.com consentcdn.cookiebot.com googleads.g.doubleclick.net static.payu.com *.facebook.net *.facebook.com app2.recostream.com ga2.getresponse.com/ bam.nr-data.net clk.leadexpert.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; frame-src td.doubleclick.net/ fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.meetanshi.com *.facebook.net *.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline www.gstatic.com *.meetanshi.com *.facebook.com https://www.facebook.com 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ pagead2.googlesyndication.com/pagead/buyside_topics/set/ region1.analytics.google.com/g/ dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://get.geojs.io *.avada.io *.meetanshi.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.gstatic.com *.gstatic.com *.googleapis.com https://images.unsplash.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.meetanshi.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.adobe.com downloads.mailchimp.com *.fontawesome.com https://fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com bimg.abv.bg/GDPR/GDPR.js dmp.adwise.bg chimpstatic.com cdn.onesignal.com/sdks/OneSignalSDK.js static.zdassets.com/ekr/asset_composer.js v2.zopim.com/ cdn.onesignal.com/ onesignal.com/ assets.adobedtm.com *.adobe.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com downloads.mailchimp.com *.list-manage.com *.avada.io *.meetanshi.com *.facebook.net *.facebook.com *.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; form-action https://3dsgate.borica.bg/cgi-bin/cgi_link geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; 1 unsafe-inline https://*.zopim.com https://static.zdassets.com https://rockstarsolutions.zendesk.com wss://*.zopim.com https://connect.facebook.net https://externalassets.icommarketing.com; self *.zopim.com *.zdassets.com *.zendesk.com wss://*.zopim.com https://connect.facebook.net https://externalassets.icommarketing.com; font-src *.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com maps.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com *.google.com *.youtube.com *.vimeo.com maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.mercadolibre.com https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br *.twitter.com *.youtube.com *.vimeo.com *.facebook.com maps.googleapis.com lightwidget.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es ebizmarts-website.s3.amazonaws.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.doubleclick.net https://connect.facebook.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar https://pagseguro.uol.com.br https://sandbox.pagseguro.uol.com.br https://stc.pagseguro.uol.com.br https://sandbox.stc.pagseguro.uol.com.br *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.youtube.com *.vimeo.com maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.chimpstatic.com *.google.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.gstatic.com *.googletagmanager.com *.doubleclick.net *.avada.io *.zopim.com *.zdassets.com *.zendesk.com wss://*.zopim.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://externalassets.icommarketing.com *.mlstatic.com https://live.decidir.com https://stc.pagseguro.uol.com.br https://stc.sandbox.pagseguro.uol.com.br *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.vimeo.com maps.googleapis.com *.facebook.net cdn.lightwidget.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.googletagmanager.com *.fontawesome.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com *.vimeo.com maps.googleapis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.com *.zdassets.com *.zendesk.com wss://*.zopim.com https://connect.facebook.net https://externalassets.icommarketing.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.google-analytics.com *.google.com https://get.geojs.io *.avada.io *.zdassets.com *.zopim.com *.zopim.io https://rockstarsolutions.zendesk.com wss://widget-mediator.zopim.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://externalassets.icommarketing.com *.mercadopago.com https://developers.decidir.com/ *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com *.vimeo.com maps.googleapis.com facebook.net yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com instantcredit.net test.instantcredit.net https://oct8necdneu.azureedge.net *.gstatic.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.paycomet.com api.paycomet.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://consentcdn.cookiebot.com https://www.salesmanago.pl https://app3.salesmanago.pl https://www.salesmanago.com https://backoffice-eu.oct8ne.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.doofinder.com instantcredit.net test.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://www.google.com https://www.google.es https://rt.flix360.com https://oct8necdneu.azureedge.net http://media.flixcar.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.doofinder.com *.avada.io www.paycomet.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://cdn.doofinder.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net http://media.flixfacts.com https://prod.flixgvid.flix360.io http://media.flixcar.com https://cdn.loadbee.com http://widgets.trustedshops.com https://cdn.connectif.cloud https://static-eu.oct8ne.com https://cdn.aplazame.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.doofinder.com *.fontawesome.com instantcredit.net test.instantcredit.net https://integrations.etrusted.com http://media.flixcar.com *.trustpilot.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net https://vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io instantcredit.net *.instantcredit.net https://sandbox.sequracdn.com https://live.sequracdn.com https://sandbox.sequrapi.com https://live.sequrapi.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.youtube.com https://youtu.be https://js-agent.newrelic.com https://bam.nr-data.net https://api.aplazame.com https://frontal-eu.oct8ne.com https://backoffice-eu.oct8ne.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.facebook.com rt.flix360.com dsp.om-meta.com adservice.google.com www.google.hn *.stackpathcdn.com *.doubleclick.net images.salsify.com use.fontawesome.com rtb.om-meta.com *.googleapis.com secure.gravatar.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.fontawesome.com *.googleapis.com *.gstatic.com *.google.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.weltpixel.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://a.klaviyo.com *.cdninstagram.com *.fbcdn.net *.gstatic.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com vimeo.com www.youtube.com data: js.braintreegateway.com www.vimeo.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.retailrocket.net https://static.klaviyo.com https://fast.a.klaviyo.com https://www.googletagmanager.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: getfirebug.com fonts.googleapis.com downloads.mailchimp.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.retailrocket.net https://static.klaviyo.com https://fast.a.klaviyo.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.boria.cl *.farmaciaabba.cl *.anticipa.cl *.disqueriachilena.cl *.calstiendavirtual.cl *.farmaciamapuche.cl *.korb.cl *.kxcdn.com *.cloudflare.com www.google-analytics.com www.googleadservices.com fonts.googleapis.com/ *.googleapis.com fonts.gstatic.com *.google.com https://www.gstatic.com stats.g.doubleclick.net www.paypalobjects.com *.payments-amazon.com www.paypal.com www.sandbox.paypal.com t.paypal.com assets.adobedtm.com *.authorize.net *.braintreegateway.com *.mailchimp.com *.list-manage.com *.avada.io *.freshchat.com *.newrelic.com https://bam.nr-data.net s.ytimg.com video.google.com *.vimeo.com www.youtube.com data: hyper2pay.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.gstatic.com *.stape.io *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.stape.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net cdn.doofinder.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com cdn.klarna.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.stape.io *.smartsuppcdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.it www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com cdn.doofinder.com widget.freshworks.com m2epro.freshdesk.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com www.google.com www.gstatic.com s7.addthis.com *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.googletagmanager.com *.doubleclick.net *.stape.io *.avada.io *.smartsuppcdn.com *.smartsuppchat.com *.smartlook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflareinsights.com *.kk-resources.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com tracking.trovaprezzi.it www.trovaprezzi.it landofcoder.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.doofinder.com widget.freshworks.com m2epro.freshdesk.com *.googletagmanager.com *.stape.io *.fontawesome.com *.smartsuppchat.com *.smartsuppcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.doofinder.com wss://*.doofinder.com widget.freshworks.com m2epro.freshdesk.com int-ecommerce.nexi.it ecommerce.nexi.it stg-ta.nexigroup.com xpay.nexigroup.com ekr.zdassets.com/ *.google-analytics.com *.google.com *.stape.io https://get.geojs.io *.avada.io *.smartsuppchat.com *.smartsuppcdn.com wss://*.smartsuppchat.com *.smartsupp.com *.smartlook.cloud *.smartlook.com wss://*.smartsupp.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.googlesyndication.com *.kk-resources.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: use.fontawesome.com fonts.gstatic.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de js.mollie.com *.sendcloud.sc https://consentcdn.cookiebot.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de maps.gstatic.com maps.googleapis.com *.eu-west-1.amazonaws.com https://www.mollie.com 'self' data: *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de maps.googleapis.com s7.addthis.com https://cdn.polyfill.io https://browser.sentry-cdn.com js.mollie.com *.sendcloud.sc *.google.com *.gstatic.com *.trustpilot.com *.googletagmanager.com tagmanager.google.com *.yotpo.com https://consent.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com use.fontawesome.com *.trustpilot.com tagmanager.google.com fonts.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ https://*.ingest.sentry.io t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.myfatoorah.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.myfatoorah.com checkout.tabby.ai *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.visa.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.myfatoorah.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.visa.com *.mastercard.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.myfatoorah.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.googletagmanager.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.myfatoorah.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.myfatoorah.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.youtube.com https://www.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.2wheelshop.eu maps.gstatic.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.google.com widget.freshworks.com m2epro.freshdesk.com *.avada.io maps.googleapis.com www.gstatic.com https://www.gstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.fontawesome.com widget.freshworks.com m2epro.freshdesk.com maxcdn.bootstrapcdn.com www.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com stats.g.doubleclick.net widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com *.fontawesome.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.twitter.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es connect.xpayments.com *.xpayments.com *.twitter.com *.google.com *.addthis.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com data: sealserver.trustwave.com widget.tochat.be yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.cloudflare.com *.twitter.com *.google-analytics.com googletagmanager.com *.google.com *.gstatic.com *.trustedshops.com *.fontawesome.com *.addthis.com s7.addthis.com m.addthis.com z.moatads.com *.addthisedge.com apis.google.com graph.facebook.com widgets.pinterest.com *.authorize.net *.cardinalcommerce.com *.avada.io maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' widget.tochat.be www.trustlogo.com chimpstatic.com sealserver.trustwave.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.cloudflare.com *.twitter.com *.paypal.com services.tochat.be www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.mercadolibre.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://live.decidir.com *.avada.io *.mlstatic.com *.mercadopago.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://developers.decidir.com/ https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolibre.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.gstatic.com *.google.com *.google.com.br *.googleapis.com *.doubleclick.net *.googletagmanager.com *.googleadservices.com *.dinamize.com *.smarthint.co *.facebook.net *.facebook.com data: *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://static.handbookonline.com.br https://media.handbookonline.com.br *.doubleclick.net *.googletagmanager.com *.dinamize.com *.smarthint.co https://accounts.google.com https://www.facebook.com https://login.live.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.dinamize.com *.smarthint.co *.lightwidget.com *.facebook.net *.facebook.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.googleadservices.com *.google-analytics.com *.paypal.com *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.googletagmanager.com *.smarthint.co *.dinamize.com *.facebook.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.google.com *.google.com.br *.google-analytics.com *.gstatic.com *.doubleclick.net *.googleapis.com *.googletagmanager.com *.googleadservices.com *.lightwidget.com *.smarthint.co *.dinamize.com *.facebook.net *.facebook.com *.pagseguro.com.br https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.googleapis.com *.doubleclick.net *.google.com *.google.com.br *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.smarthint.co *.dinamize.com https://connect.facebook.net *.facebook.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.meetanshi.com https://static.handbookonline.com.br https://media.handbookonline.com.br *.paypal.com *.google.com *.google.com.br *.doubleclick.net *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.lightwidget.com *.dinamize.com *.smarthint.co *.facebook.net *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.googlesyndication.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com *.google.com *.doubleclick.net *.googlesyndication.com *.multisafepay.com https://pay.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' data: bat.bing.com *.google.com *.google.nl *.google.bg *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.highleytall.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com assets.myparcel.nl *.koongo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com instant.page *.instant.page bat.bing.com *.mailcampaigns.nl *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com *.mailcampaigns.nl downloads.mailchimp.com *.fontawesome.com *.multisafepay.com cdnjs.cloudflare.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css unsafe-inline assets.braintreegateway.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google-analytics.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com *.multisafepay.com api.myparcel.nl *.koongo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de htakip.test operator-test.hisarustuinsaat.com.tr operator.hisarustuinsaat.com.tr *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de htakip.test operator-test.hisarustuinsaat.com.tr operator.hisarustuinsaat.com.tr *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com redlinerc.hudsonstaging.co.uk www.redlinerc.co.uk *.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://cdnjs.cloudflare.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://maps.google.com/ www.facebook.com platform.twitter.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com zasimo.pk readline.test http://redlinerc.hudsonstaging.co.uk https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com widget.freshworks.com m2epro.freshdesk.com paypal.com paypalobjects.com google-analytics.com googleadservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net twitter.com platform.twitter.com https://cdnjs.cloudflare.com *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com www.redlinerc.co.uk *.typekit.net maxcdn.bootstrapcdn.com https://static.klaviyo.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.googleapis.com widget.freshworks.com m2epro.freshdesk.com stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudfront.net *.reviews.io *.reviews.co.uk *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.trustpilot.com *.cookiebot.com *.facebook.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org *.trackedlink.net *.cloudflare.com *.bing.com *.gstatic.com *.google.com *.clarity.ms *.facebook.com *.googleapis.com *.google.fr *.tdimage.nl *.metaffiliation.com *.visualwebsiteoptimizer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com unpkg.com commerce.adobedtm.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.fontawesome.com *.cloudflare.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cloudflare.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' sentry.io; connect-src 'self' https://talent-assets.hubstaff.com hubstaff-talent.s3.amazonaws.com maps.googleapis.com securepubads.g.doubleclick.net pagead2.googlesyndication.com www.woopra.com cdn.segment.com api.segment.io account.hubstaff.com talent.hubstaff.com; font-src hubstafftalent.net https://talent-assets.hubstaff.com maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src ce93406be74f076c50a1ab98df46ab11.safeframe.googlesyndication.com 6efff8b413465a56cd65dbacc9fcc677.safeframe.googlesyndication.com www.google.com securepubads.g.doubleclick.net tpc.googlesyndication.com 009ecd1d81bde479329585a574ab3d71.safeframe.googlesyndication.com 6eaa55ce8af5e813fa5149457c1752a9.safeframe.googlesyndication.com f9fce61dba8cc71fecb2db746665728d.safeframe.googlesyndication.com hubstafftalent.net; img-src 'self' data: https: https://talent-assets.hubstaff.com maps.googleapis.com pagead2.googlesyndication.com; script-src 'unsafe-eval' 'unsafe-inline' https://talent-assets.hubstaff.com maps.googleapis.com cdn.segment.com securepubads.g.doubleclick.net static.woopra.com tpc.googlesyndication.com www.woopra.com cdnjs.cloudflare.com; script-src-attr 'unsafe-inline'; script-src-elem 'unsafe-inline' https://talent-assets.hubstaff.com maps.googleapis.com tpc.googlesyndication.com securepubads.g.doubleclick.net ajax.cloudflare.com cdn.segment.com static.woopra.com www.woopra.com; style-src 'unsafe-inline' https://talent-assets.hubstaff.com fonts.googleapis.com maxcdn.bootstrapcdn.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' hubstafftalent.net https://talent-assets.hubstaff.com fonts.googleapis.com maxcdn.bootstrapcdn.com adblockers.opera-mini.net; report-uri https://a6d99c1bbddfc76a2aed3e75a1697b26.report-uri.com/r/d/csp/reportOnly 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.hotjar.com *.hotjar.io https://fonts.gstatic.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.nitrocdn.com *.yotpo.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.piraeusbank.gr *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.skroutz.gr www.skroutz.gr skroutz.gr *.bestprice.gr googleads.g.doubleclick.net *.facebook.com google.gr www.google.gr www.google.com *.hotjar.com *.hotjar.io *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ nitropack.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com www.google.gr www.google.com *.bestprice.gr *.google-analytics.com https://cdn.klarna.com/1.0/shared/image/generic/badge/en_us/pay_later/descriptive/pink.svg stats.g.doubleclick.net trustmark.gr *.contactpigeon.com https://bitmyjob.gr https://www.bitmyjob.gr https://www.facebook.com *.skroutz.gr skroutza.skroutz.gr *.hotjar.com *.hotjar.io www.googletagmanager.com googletagmanager.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.nitrocdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.cloudflare.com *.google-analytics.com *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com *.chimpstatic.com *.mailchimp.com https://chimpstatic.com *.googletagmanager.com *.skroutz.gr www.skroutz.gr skroutza.skroutz.gr *.bestprice.gr r1-t.trackedlink.net *.doubleclick.net *.adman.gr trustmark.gr *.hotjar.com *.hotjar.io https://static.hotjar.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.zdassets.com *.nitrocdn.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.gstatic.com *.piraeusbank.gr *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.google.com maxcdn.bootstrapcdn.com *.nitrocdn.com unsafe-inline www.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.google-analytics.com *.doubleclick.net *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com maps.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io *.getnitropack.com nitropack.zendesk.com *.zdassets.com *.nitrocdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.twitter.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com https://redchamps.com *.hsforms.net *.hsforms.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.hsforms.net *.hsforms.com *.google.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.fontawesome.com *.alothemes.com *.magepow.com *.adobe.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.addthis.com *.facebook.com *.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.apptrian.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://meetanshi.com/media/logo.png *.addthisedge.com *.twitter.com *.alothemes.com *.magepow.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com gateway.payulatam.com sandbox.api.payulatam.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.avada.io *.alothemes.com *.magepow.com *.fontawesome.com *.googleapis.com *.gstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.alothemes.com *.magepow.com *.facebook.com *.facebook.net *.googleapis.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com maf.pagosonline.net devicefingerprinting.fraudvault.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.adobe.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.isbn.gov.in/ *.isbn.gov.in https://fonts.googleapis.com/ https://fonts.gstatic.com/; script-src 'unsafe-hashes' 'self' 'unsafe-eval' https://fonts.gstatic.com/ http://www.w3.org/2000/svg *.isbn.gov.in blob: isbn.gov.in; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/ https://isbn.gov.in/ *.node.js *.page-style.js ; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline' https://fonts.googleapis.com/; object-src 'none'; frame-src *; base-uri 'none'; manifest-src 'self' 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.br analytics.google.com www.google.com *.gstatic.com www.itausaude.com.br *.doubleclick.net ; script-src 'unsafe-eval' 'unsafe-hashes' 'report-sample' ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src https://fonts.gstatic.com fonts.gstatic.com 'self' data: *.fontawesome.com www.searchanise.com *.searchserverapi.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com www.facebook.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.googletagmanager.com/ web.facebook.com www.facebook.com bid.g.doubleclick.net consentcdn.cookiebot.com www.searchanise.com *.searchserverapi.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.googleapis.com maps.gstatic.com storage.googleapis.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com forms-eu1.hsforms.com track-eu1.hubspot.com www.google.be www.google.es www.google.com.ar googleads.g.doubleclick.net www.facebook.com connect.facebook.net scontent-cdt1-1.cdninstagram.com scontent-cdt2-1.cdninstagram.com scontent-cdg2-1.cdninstagram.com *.twitter.com *.twimg.com www.google.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://player.vimeo.com https://www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io cdn.jsdelivr.net connect.facebook.net js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hsadspixel.net js-eu1.hscollectedforms.net js-eu1.hs-banner.com js-eu1.hsleadflows.net googleads.g.doubleclick.net searchserverapi.com pixel.convertize.io consent.cookiebot.com consentcdn.cookiebot.com searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline fonts.googleapis.com https://fonts.googleapis.com http://fonts.googleapis.com *.fontawesome.com cdn.jsdelivr.net www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api-eu1.hubapi.com forms-eu1.hubspot.com graph.instagram.com maps.googleapis.com forms-eu1.hscollectedforms.net analytics.google.com consentcdn.cookiebot.com api.amplitude.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.facebook.net *.yotpo.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.youtube.com *.paypal.com *.yotpo.com *.creditguard.co.il *.vimeo.com *.googletagmanager.com *.google.com *.xtento.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.gstatic.com *.googleadservices.com *.facebook.com *.yotpo.com *.cdninstagram.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il https://www.google *.magentocommerce.com *.paypal.com *.paypalobjects.com *.ytimg.com *.web-view.net *.googleapis.com *.nagich.co.il *.vimeo.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.analytics.com *.rawgit.com *.nagich.co.il *.luckyorange.com *.youtube.com *.xtento.com *.paypal.com *.paypalobjects.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com cdn.dnky.co webchat.dotdigital.com tagmanager.google.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.analytics.com *.facebook.com *.google-analytics.com *.nagich.co.il vimeo.com player.vimeo.com *.luckyorange.com *.googleapis.com wss://realtime.luckyorange.com wss://in.visitors.live/socket.io wss://in.visitors.live/socket.io/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://www.google-analytics.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' *.a-fs.me gs://f.a-fs.me/ cdnjs.cloudflare.com/ajax/libs/ unpkg.com/@zxing/library@ cdn.jsdelivr.net/phaser/ google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com plus.codes/api trackjs.com; script-src 'self' connect.facebook.net *.a-fs.me gs://f.a-fs.me/ google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com plus.codes/api platform.twitter.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com *.a-fs.me gs://f.a-fs.me/ 'unsafe-inline'; img-src 'self' *.trackjs.com *.a-fs.me gs://f.a-fs.me/ google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com plus.codes/api *.facebook.com *.fbcdn.net data:; font-src 'self' *.gstatic.com *.a-fs.me gs://f.a-fs.me/ data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.a-fs.me gs://f.a-fs.me/; object-src 'none'; frame-src 'self' *.google.com platform.twitter.com www.facebook.com; frame-ancestors 'none'; base-uri 'self'; report-uri /api/csp-report; report-to csp-endpoint 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.multisafepay.com https://pay.google.com 'self'; frame-src bid.g.doubleclick.net player.vimeo.com *.youtube.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.youtube-nocookie.com www.google.com https://*.dpdconnect.nl youtube.com *.multisafepay.com https://pay.google.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com flagpedia.net 'self' data: *.multisafepay.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://*.dpdconnect.nl https://cdn.polyfill.io https://browser.sentry-cdn.com *.avada.io player.vimeo.com *.gstatic.com maps.googleapis.com *.multisafepay.com https://pay.google.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.multisafepay.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com https://*.ingest.sentry.io https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.google-analytics.com *.doubleclick.net *.multisafepay.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' karcher-center-altex.com.br *.karcher-center-altex.com.br karchercenteraltex.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com doubleclick.net addthis.com hertzen.com cartstack.com moatads.com alphassl.com googleadservices.com online-metrix.net cloudflare.com cartstack.com.br ebit.com.br traycheckout.com.br *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.alphassl.com *.googleadservices.com *.online-metrix.net *.cloudflare.com *.addthis.com *.hertzen.com *.doubleclick.net *.cartstack.com *.moatads.com *.cartstack.com.br *.ebit.com.br *.traycheckout.com.br wss://signalr.fbits.net *.yapay.com.br *.clearsale.com.br k-analytix.com *.k-analytix.com i.konduto.com *.yapay.com.br *.traycheckout.com.br *.conectiva.io *.sunset.systems app.cartstack.com.br *.performa.ai *.cupom.social *.conectiva.app conectiva.io *.hotjar.com dzpxyxks1bfmb.cloudfront.net *.gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com samuraiexpertsstorage.blob.core.windows.net boletoflex.azurewebsites.net boletoflex.com *.boletoflex.com *.azurewebsites.net *.blob.core.windows.net signalrcore.fbits.net wss://signalrcore.fbits.net *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store google.com.br *.google.com.br translate.googleapis.com *.googleapis.com *.google.com google.com *.adyen.com google.com.co *.com.co google.es *.google.es *.googletagmanager.com googletagmanager.com google.fr *.google.fr ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.karcher-center-altex.com.br karcher-center-altex.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1 img-src 'self' data: https://secure.gravatar.com https://i.ytimg.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://lh3.googleusercontent.com https://csi.gstatic.com https://www.google.dz https://analytics.google.com ; default-src 'self'; script-src 'self' 'unsafe-inline' data: https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; style-src-elem 'self' 'unsafe-inline'; report-uri https://www.karemfouad.com/wp-json/rsssl/v1/csp?rsssl_apitoken=479554513; 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.feedaty.com *.zopim.com fonts.gstatic.com data: static.criteo.net *.fontawesome.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.criteo.com *.criteo.net *.hotjar.com *.google.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://cdn.clerk.io *.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.google.com *.google.it *.zopim.com *.clerk.io *.advertising.com *.doubleclick.net *.openx.net *.rubiconproject.com *.yahoo.com *.smaato.net *.yieldmo.com *.tapad.com *.addthis.com *.outbrain.com *.criteo.com *.criteo.net *.adnxs.com *.adtpd.com *.tpmn.co.kr *.socdm.com *.adingo.jp *.revcontent.com *.kargo.com *.3lift.com *.media.net *.rlcdn.com *.turn.com *.smartadserver.com *.mediawallahscript.com *.360yield.com *.pubmatic.com *.casalemedia.com *.taboola.com *.adform.net *.teads.tv *.bidswitch.net *.dable.io *.sharethrough.com *.liadm.com *.postrelease.com *.mgid.com *.nate.com *.yandex.ru *.rambler.ru *.meba.kr *.admixer.co.kr id5-sync.com *.mail.ru *.adscale.de *.aralego.com *.tremorhub.com *.omnitagjs.com trusted.ro *.kvstore.it *.googletagmanager.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.cdninstagram.com *.fbcdn.net maps.googleapis.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://api.clerk.io https://cdn.clerk.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.net connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.zoorate.com *.iubenda.com *.soisy.it *.criteo.com static.criteo.net *.doubleclick.net *.hotjar.com *.zopim.com *.zdassets.com *.clerk.io partner-events.favicdn.net *.google.com *.gstatic.com *.avada.io https://cdnjs.cloudflare.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://api.clerk.io https://cdn.clerk.io cdn.dnky.co webchat.dotdigital.com *.feedaty.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src static.criteo.net *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.feedaty.com *.soisy.it *.google.com *.google-analytics.com *.hotjar.com vc.hotjar.io/ *.zdassets.com *.zopim.com *.iubenda.com *.doubleclick.net *.criteo.com *.criteo.net wss://*.zopim.com/ wss://*.hotjar.com/ partner-events.favicdn.net partner-events.favi.sk partner-events.favi.cz partner-events.favi.ro *.googlesyndication.com *.zendesk.com https://get.geojs.io *.avada.io www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-IRNi72bCgk1dWn1cvtBg_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; script-src 'self' cdn.jsdelivr.net *.youtube.com 'unsafe-inline' 'unsafe-eval'; font-src https: data:; style-src https: 'unsafe-inline'; img-src https: data:; report-uri https://learnonline.health.nz/local/csp/collector.php 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.tpc.googlesyndication.com *.google.com *.googleads.g.doubleclick.net *.google.co.in https://click.onatrack.in/ https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.googletagmanager sandbox.cashfree.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com api.razorpay.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.sp.analytics.yahoo.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com https://sp.analytics.yahoo.com maps.googleapis.com maps.gstatic.com cashfreelogo.cashfree.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.lightemporium.com *.usercentrics.eu www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://tpc.googlesyndication.com/sodar/1s9mPOHO.js *.cloudflare.com https://s.yimg.com/wi/ytc.js *.twitter.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com sdk.cashfree.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal chimpstatic.com downloads.mailchimp.com *.list-manage.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com fonts.googleapis.com downloads.mailchimp.com *.usercentrics.eu *.google.com maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://s.yimg.com/wi/config/10155487.json *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.meetanshi.com *.mercadolibre.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.meetanshi.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com 'self' data: *.google.com *.google.fr *.google.ie www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.mgt.com *.meetanshi.com *.mlstatic.com *.mercadopago.com *.google.com www.gstatic.com *.google.fr *.google.ie *.googletagmanager.com *.googleadservices.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.mgt.com *.meetanshi.com *.mercadopago.com *.mercadolibre.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.googleapis.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; font-src https://themes.googleusercontent.com/ 'self'; frame-src https://s-static.ak.facebook.com http://static.ak.facebook.com https://www.facebook.com; img-src *; object-src 'none'; script-src https://connect.facebook.net/ http://connect.facebook.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://browser-update.org/ https://www.google.com/ https://www.gstatic.com/recaptcha/ http://www.google.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://www.google.com/ https://ajax.googleapis.com/ 'unsafe-inline' 'self'; report-uri /nelmio/csp/report 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://h.online-metrix.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://h.online-metrix.net *.d.aa.online-metrix.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com commerce.adobedtm.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.magento.com commerce.adobe.io commerce.adobedtm.com commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-iG5OcBgzntt3lPVLsyZaRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.twitter.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ *.facebook.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.facebook.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.googleapis.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.trackedlink.net *.googletagmanager.com *.facebook.net *.facebook.com https://ipgtest.monri.com/ https://ipg.monri.com/ landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.nr-data.net *.newrelic.com *.ampproject.org *.facebook.net *.facebook.com landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com api.razorpay.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de cdn.razorpay.com *.gstatic.com *.cdninstagram.com *.fbcdn.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com https://www.gstatic.com s7.addthis.com *.avada.io checkout.razorpay.com https://www.googletagmanager.com tagmanager.google.com *.instagram.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de ekr.zdassets.com/ lumberjack.razorpay.com lumberjack-metrics.razorpay.com https://www.google-analytics.com *.instagram.com *.googleusercontent.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src d.digsgogo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com https://www.gstatic.com https://fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.doubleclick.net *.facebook.com *.addthis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.google.gr ebizmarts-website.s3.amazonaws.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://www.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com *.chimpstatic.com s7.addthis.com *.avada.io https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.addthis.com *.doubleclick.net ekr.zdassets.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com oct8necdneu.azureedge.net/ *.peppermoneytest.es *.peppermoney.es 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com www.google.com *.cookiebot.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es fledge-eu.creativecdn.com ams.creativecdn.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com maps.googleapis.com maps.gstatic.com https://img.youtube.com www.google.com www.google.es www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net *.pinterest.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms tracker.metricool.com *.abtasty.com *.amazonaws.com *.oct8ne.com oct8necdneu.azureedge.net/ gstatic.com *.peppermoneytest.es oct8necdneu.azureedge.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com s7.addthis.com *.cookiebot.com *.google.com www.google.es www.gstatic.com sl.google-analytics.com googleads.g.doubleclick.net *.googleapis.com s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms tracker.metricool.com *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.abtasty.com *.googleapis.com *.gstatic.com *.peppermoneytest.es *.peppermoney.es *.pepperfinance.es *.oct8ne.com oct8necdneu.azureedge.net tags.creativecdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com ekr.zdassets.com/ *.cookiebot.com www.google.com *.google.com www.google.es *.googleapis.com www.gstatic.com www.googletagmanager.com sl.google-analytics.com *.g.doubleclick.net s.pinimg.com *.pinterest.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.bing.com *.fittingbox.com js-agent.newrelic.com bam.nr-data.net *.clarity.ms *.abtasty.com *.oct8ne.com *.peppermoneytest.es *.peppermoney.es ams.creativecdn.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.googlesyndication.com *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.mattca.ro *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.googlesyndication.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com/ *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.innoship.ro https://www.google.com/ *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.tile.openstreetmap.org *.openstreetmap.org *.mattca.ro *.google.com/ads/ *.google.ro *.google.ro/ads/ *.trusted.ro/ trusted.ro/ *.profitshare.ro *.omtrdc.net *.salofarm.ro maps.googleapis.com maps.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.googlesyndication.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.googleapis.com *.avada.io *.cloudflare.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.jivosite.com *.profitshare.ro profitshare.ro *.7w.ro *.aptrinsic.com *.mattca.ro maps.googleapis.com widget.trusted.ro *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.googlesyndication.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.google.com *.jivosite.com *.aptrinsic.com *.mattca.ro *.salofarm.ro *.stormers.ro *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.jivosite.com *.mattca.ro 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net *.googlesyndication.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io https://stats.g.doubleclick.net/ *.jivosite.com *.7w.ro *.aptrinsic.com maps.googleapis.com socialplugin.facebook.net wss://chat-eu1-4.jivosite.com *.mattca.ro *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.google.com www.apptrian.com facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com facebook.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_report; 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-ed25abfded774617b70d00737e11c668' https://MeinLUKS.ch 'self';img-src https://* 'self' blob: data:;style-src https://MeinLUKS.ch 'self' 'unsafe-inline';form-action 'self';media-src https://* 'self'; 1 font-src *.fontawesome.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.google.com *.gstatic.com *.avada.io *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.varisan-smapp.com *.iadvize.com *.cartsguru.io *.github.com github.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'none'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.varisan-smapp.com *.iadvize.com *.cartsguru.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.sendcloud.sc *.varisan-smapp.com *.iadvize.com static.axept.io *.cartsguru.io s7.addthis.com *.avada.io https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.hipay.com *.varisan-smapp.com *.iadvize.com *.cartsguru.io *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.hipay.com wss://mpsnare.iesnare.com *.varisan-smapp.com *.iadvize.com *.cartsguru.io *.carts.guru ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com www.googleapis.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.klarnacdn.net fonts.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com *.zopim.com *.iyzipay.com www.mesoestetic.es data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * sandbox.przelewy24.pl secure.przelewy24.pl https://sandbox.payfast.co.za https://www.payfast.co.za/eng/process *.google.com www.mesoestetic.es 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com www.mesoestetic.es 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.google.com *.fls.doubleclick.net *.facebook.com *.awin1.com *.zenaps.com magento-cloudflare.jetrails.com www.youtube.com *.klarna.com https://player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.pagantis.com *.instagram.com *.youtube-nocookie.com *.vimeo.com *.ups.com *.addthis.com *.hotjar.com *.hotjar.io www.mesoestetic.es 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.awin1.com *.zenaps.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.ytimg.com *.klarna.com *.klarnaevt.com *.klarnacdn.net blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.przelewy24.pl www.gstatic.com gstatic.com maps.gstatic.com *.google.es *.google.nl cdn.digitalorigin.com d23yuld0pofhhw.cloudfront.net *.zopim.io *.zopim.com *.nosto.com bat.bing.com *.mesoestetic.com *.cookielaw.org https://sandbox-static.iyzipay.com www.mesoestetic.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com *.awin1.com www.dwin1.com *.zenaps.com https://the.sciencebehindecommerce.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com sandbox.przelewy24.pl secure.przelewy24.pl cdn.scalapay.com b2c-cdn.scalapay.com *.stripe.com klarna.com *.klarnaevt.com maps.googleapis.com *.instagram.com *.zdassets.com *.doofinder.com *.cookielaw.org *.pagantis.com static-eu.payments-amazon.com *.onetrust.com *.nosto.com *.zopim.com *.cardinalcommerce.com *.bing.com g990421675.co g792337340.co g990421676.co g792337342.co g9508048080.co g10300385420.co geotargetly-api-2.com *.microsoft.com bam.eu01.nr-data.net *.addthis.com *.moatads.com *.addthisedge.com *.cloudflare.com mc.yandex.ru *.hotjar.com *.hotjar.io *.qly.site1.sibs.pt *.iyzipay.com lantern.roeyecdn.com https://sandbox-api.iyzipay.com https://sandbox-static.iyzipay.com www.mesoestetic.es https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com *.klarnacdn.net https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com/ www.bing.com *.iyzipay.com www.mesoestetic.es 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: *.zdassets.com www.mesoestetic.es 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.facebook.com *.facebook.net google.com https://the.sciencebehindecommerce.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.stripe.com klarna.com wss://*.zopim.com *.zendesk.com *.zdassets.com *.doofinder.com *.cookielaw.org *.amazon.es *.amazon.com *.amazon.de *.amazon.fr *.amazon.pt *.amazon.it *.onetrust.com *.nosto.com *.doubleclick.net *.bing.com bam.eu01.nr-data.net *.addthis.com api-public.addthis.com s7.addthis.com *.zopim.com mc.yandex.ru *.hotjar.com ws.hotjar.com *.hotjar.io pagead2.googlesyndication.com/ *.iyzipay.com https://sandbox-api.iyzipay.com https://stg.iyzipay.com www.mesoestetic.es 'self' 'unsafe-inline'; child-src *.awin1.com *.zenaps.com assets.braintreegateway.com c.paypal.com *.paypal.com www.mesoestetic.es http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com www.mesoestetic.es 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /contact; report-to report-endpoint; 1 default-src 'self' https: 'unsafe-inline' data: 'unsafe-eval'; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=modnipeklo 1 script-src-attr 'unsafe-inline'; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-ERyBQV8hlH8bWA/gQGYOGQ=='; font-src 'self' https: data:; frame-ancestors 'none'; default-src 'self' https: wss:; report-uri https://sentry.olc.cz/api/19/security/?sentry_key=58622d10e65d4510b8947a9e685d8e4f&sentry_environment=production_ro&sentry_release=5.3.85 1 object-src 'none';base-uri 'self';script-src 'nonce-5YscVXNoA7LGG4meJyBAjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com assets.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://adobedc.demdex.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.at https://www.myheritage.de 'unsafe-eval' 'nonce-386ffad85513978948e646edca130b20' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.at;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.ch https://www.myheritage.de 'unsafe-eval' 'nonce-25b938722d34d965b94c36bf1fb18128' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.ch;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.gr https://www.myheritage.gr 'unsafe-eval' 'nonce-f371276d67cc3e601c7bf249c4245905' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.gr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.hu https://www.myheritage.hu 'unsafe-eval' 'nonce-fac29728366eb5e57f5858587d41dbeb' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.hu;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.lt https://www.myheritage.lt 'unsafe-eval' 'nonce-f7be1863f97cad657498df0ef50a1c1d' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.lt;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.lv https://www.myheritage.lv 'unsafe-eval' 'nonce-7644146369719097ccaea388fc6b789d' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.lv;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=report&canonical_page_id=/company/home/ 1 default-src 'self';base-uri 'self';frame-ancestors 'self';frame-src https://* 'self' epichttp:;script-src 'nonce-c03e1cae57b743bc8f5f6800769beb09' https://www.myuthealthhouston.org 'self';img-src https://* 'self' blob: data:;style-src https://www.myuthealthhouston.org 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.neumamerica.cl https://www.magezon.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com *.zendesk.com wss://pod-27.zendesk.com tracking.bciplus.cl *.google.com/ *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.zdassets.com *.zendesk.com wss://pod-27.zendesk.com neumamericahelp.zendesk.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com scontent.cdninstagram.com data: *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com player.vimeo.com *.mercadolibre.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.hydroflask.com.co *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com s7.addthis.com *.avada.io *.mlstatic.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com ekr.zdassets.com/ *.mercadopago.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 child-src https://*.adyen.com https://paymentacceptsample.cloud.dynamics.com https://*.clarity.ms 'self';connect-src https://*.adyen.com https://*.usercentrics.eu https://*.clarity.ms https://www.google-analytics.com https://analytics.google.com 'self' https://login.microsoftonline.com https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://dc.services.visualstudio.com https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com https://www.nile.ch https://scuweijazq811630098-rs.su.retail.dynamics.com/;font-src https://*.typekit.net/ https://*.sharepointonline.com/ 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://use.fontawesome.com data:;frame-src https://*.adyen.com https://*.dynamics.com https://niletestadb2c.b2clogin.com https://nileuatadb2c.b2clogin.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.clarity.ms;img-src https://*.adyen.com https://*.usercentrics.eu https://*.blob.core.windows.net 'self' data: https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com;media-src https://*.clarity.ms 'self' https://ppe-streaming-video-mr-microsoft-com.akamaized.net https://*.streaming.media.azure.net https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-eu-prod.cms.commerce.dynamics.com https://images-eu-prod.cms.commerce.dynamics.com;object-src https://*.clarity.ms 'self';script-src https://*.adyen.com https://*.typekit.net/ https://*.googletagmanager.com/ https://*.google.com/ https://*.gstatic.com/ https://*.clarity.ms https://*.usercentrics.eu 'self' 'unsafe-inline' 'unsafe-eval' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://*.vo.msecnd.net https://dc.services.visualstudio.com https://dev.virtualearth.net https://www.nile.ch https://js.monitor.azure.com/scripts/b/ai.2.min.js;style-src https://*.adyen.com https://*.typekit.net/ 'self' 'unsafe-inline' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://www.nile.ch ;default-src 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms;base-uri 'self'; 1 font-src *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com stackpath.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.google.com *.snapchat.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.twitter.com *.doubleclick.net *.facebook.com/ *.cookiebot.com *.viabill.com *.trustpilot.com *.snapchat.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.ph *.twitter.com *.ytimg.com *.youtube.com *.facebook.com *.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net connect.facebook.net *.trustpilot.com *.emaerket.dk *.cookiebot.com code.jquery.com *.viabill.com *.bing.com sc-static.net *.leadfamly.com *.zdassets.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com stackpath.bootstrapcdn.com *.freshchat.com/ *.myfonts.net unsafe-inline tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.cloudflare.com *.twitter.com *.paypal.com *.doubleclick.net *.google-analytics.com *.leadfamly.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.google.com *.google.com.sg 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com data: app.probefahrtenbutler.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.googletagmanager.com cdn.dnky.co www.youtube.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com inoa.de www.jsctool.com *.awin1.com secure.pay1.de payments.amazon.de jsctool.com https://plumrocket.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://api.mapbox.com https://widgets.trustedshops.com https://integrations.etrusted.com *.pixriot.com *.storeimaging.com *.nova-motors.de www.google.de www.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net *.ytimg.com *.awin1.com cdn.pay1.de x.klarnacdn.net *.cloudfront.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com https://cdn.jsdelivr.net/npm/@ryangjchandler/spruce@2.x.x/dist/spruce.umd.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://widgets.trustedshops.com https://integrations.etrusted.com google.com www.google.com gstatic.com www.gstatic.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com www.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com www.dwin1.com/ *.awin1.com the.sciencebehindecommerce.com secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com https://widgets.trustedshops.com https://integrations.etrusted.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net d.ratepay.com d.payla.io dr.payla.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com static.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.trustedshops.com *.etrusted.com *.pixriot.com *.storeimaging.com commerce.adobedc.net api.comapi.com www.google-analytics.com *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net www.clarity.ms *.facebook.com *.datatrics.com maps.googleapis.com the.sciencebehindecommerce.com *.trustpilot.com payments.amazon.de d.ratepay.com jsctool.com autocomplete2.postdirekt.de 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com https://accounts.google.com https://www.facebook.com https://login.live.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://api.itau.com.br/ https://api.itau.com.br:443/ https://sts.itau.com.br/ https://sts.itau.com.br:443/ https://secure.api.itau/ https://secure.api.itau:443/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.contactpigeon.com *.google.com/ https://plumrocket.com *.weltpixel.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src *.contactpigeon.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.contactpigeon.com 'self' 'unsafe-inline'; frame-ancestors unsafe-inline 'self'; connect-src www.google-analytics.com stats.g.doubleclick.net/j/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://*.ingest.sentry.io *.contactpigeon.com https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; img-src data: www.google.bg/pagead/ www.google.com/pagead/ www.facebook.com/tr/ maps.googleapis.com www.google.bg/ads/ga-audiences www.google.com/ads/ga-audiences assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.magezon.com *.contactpigeon.com https://redchamps.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src maxcdn.bootstrapcdn.com fonts.googleapis.com *.adobe.com *.fontawesome.com https://fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com googleapis.com *.fontawesome.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; script-src connect.facebook.com connect.facebook.net facebook.com googleads.g.doubleclick.net www.google-analytics.com www.google.com/pagead/ www.google.bg/pagead/ www.facebook.com/tr/ maps.googleapis.com ajax.cloudflare.com/cdn-cgi/scripts/ ssets.adobedtm.com secure.authorize.net test.authorize.net js.braintreegateway.com ajax.cloudflare.com assets.adobedtm.com *.adobe.com www.googleadservices.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com www.facebook.com graph.facebook.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.contactpigeon.com *.avada.io *.google.com/ https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors https://h.online-metrix.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://h.online-metrix.net *.d.aa.online-metrix.net *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.ytimg.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://h.online-metrix.net *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.gstatic.com *.typekit.net *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br *.cloudflare.com *.twitter.com *.paypal.com *.newrelic.com *.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.klevu.com *.ksearchnet.com *.fontawesome.com *.acsbapp.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com bid.g.doubleclick.net player.vimeo.com *.bolt.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.klevu.com *.ksearchnet.com *.acsbapp.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.klevu.com *.ksearchnet.com acsbapp.com *.acsbapp.com hotjar.com *.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klevu.com *.ksearchnet.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.bolt.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klevu.com *.ksearchnet.com acsbapp.com *.acsbapp.com hotjar.com *.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com *.cloudflare.com data: *.hikeorders.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.hotjar.com *.google.com *.google.gr *.doubleclick.net *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.gstatic.com *.google.com *.google.gr *.facebook.com *.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.googletagmanager.com tagmanager.google.com *.hotjar.com *.cookie-script.com *.google.com *.gstatic.com *.cloudflareinsights.com *.hikeorders.com *.doubleclick.net https://www.googletagmanager.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com unsafe-inline fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.googletagmanager.com tagmanager.google.com *.cloudflare.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com https://get.geojs.io *.avada.io *.google-analytics.com *.doubleclick.net *.googleapis.com *.cookie-script.com *.analytics.google.com *.hotjar.com *.hikeorders.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com use.typekit.net *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://test.oppwa.com/ https://oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://test.oppwa.com/ https://oppwa.com/ https://eu-prod.oppwa.com/ https://www.datafast.com.ec/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ maps.googleapis.com chart.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com chart.googleapis.com *.googletagmanager.com *.facebook.net *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com maps.googleapis.com chart.googleapis.com *.google-analytics.com https://get.geojs.io *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.atlassian.com 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.atlassian.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.atlassian.com https://gatewayt.moneris.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.google.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.atlassian.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://sales.connectpos.com http://sales.connectpos.com https://www.dijkxhoorn.nl 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; report-uri https://sp.report-uri.com/r/default/csp/reportOnly 1 font-src fonts.gstatic.com *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.tawk.to *.cloudfront.net portaldasmalas.com.br data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.tawk.to *.cloudfront.net portaldasmalas.com.br 'self' 'unsafe-inline'; frame-ancestors portaldasmalas.com.br 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.twitter.com *.addthis.com *.hotjar.com *.facebook.com *.demdex.net *.tawk.to *.google.com.br *.g.doubleclick.net *.cloudfront.net *.weltpixel.com portaldasmalas.com.br 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io validate.fishpig.co.uk https://meetanshi.com/media/logo.png https://cdn.mundipagg.com https://api.pagar.me *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.avis-verifies.com *.jsdelivr.net *.google.com *.google.com.br *.facebook.com *.facebook.net *.demdex.net *.gstatic.com *.mundipagg.com *.meetanshi.com meetanshi.com *.g.doubleclick.net *.googletagmanager.com *.cloudfront.net *.magentocommerce.com.net *.netreviews.eu maps.gstatic.com portaldasmalas.com.br data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.ampproject.org raw.githubusercontent.com *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.hotjar.com *.addthis.com *.tawk.to *.jsdelivr.net *.facebook.net *.moatads.com *.avis-verifies.com *.addthisedge.com lib/web/jquery/patches/jquery-ui.js *.google.com.br *.g.doubleclick.net *.googletagmanager.com *.cloudfront.net sibautomation.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com portaldasmalas.com.br 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.jsdelivr.net *.tawk.to *.cloudfront.net tagmanager.google.com portaldasmalas.com.br 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com portaldasmalas.com.br 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net *.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com cdn.ampproject.org https://get.geojs.io *.avada.io https://api.mundipagg.com https://api.pagar.me *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.cardinalcommerce.com *.addthis.com *.tawk.to wss://*.tawk.to *.facebook.net *.google-analytics.com *.doubleclick.net *.demdex.net *.hotjar.com *.mundipagg.com *.cloudfront.net brasilapi.com.br in-automate.brevo.com portaldasmalas.com.br 'self' 'unsafe-inline'; child-src portaldasmalas.com.br http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src portaldasmalas.com.br 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.com cdn.jsdelivr.net www.google.com *.doubleclick.net *.gstatic.com *.facebook.net www.google-analytics.com www.googletagmanager.com code.jquery.com *.googleapis.com www.google.com.uy ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://static.unzer.com https://applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.google.com secure.pay1.de https://payment.unzer.com/ https://payment.heidelpay.com/ https://sbx-payment.heidelpay.com/ *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com legalweb.io www.facebook.com stats.g.doubleclick.net api.omappapi.com www.google-analytics.com https://static.unzer.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://cdn.polyfill.io https://browser.sentry-cdn.com polyfill.io maps.googleapis.com secure.pay1.de cdn.klarna.com www.google-analytics.com connect.facebook.net a.opmnstr.com diffuser-cdn.app-us1.com www.google.com prism.app-us1.com www.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com trackcmp.net https://static.unzer.com https://applepay.cdn-apple.com https://code.jquery.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu https://*.ingest.sentry.io api.omappapi.com https://payment.unzer.com https://payment.heidelpay.com https://sbx-payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com https://sbx-api.heidelpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.gstatic.net *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.addthis.com *.doubleclick.com *.getblue.io *.addtoany.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.metricool.com *.google.com.ar *.google.com *.pupemoda.com.ar data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.mlstatic.com *.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.aptrinsic.com *.facebook.net *.facebook.com *.googleapis.com *.zopim.com *.zdassets.com *.embluemail.com *.getblue.io *.doubleclick.com *.newrelic.com *.nr-data.net *.addtoany.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mercadopago.com *.mercadolibre.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.net *.facebook.com *.googleapis.com *.zopim.com *.zdassets.com *.doubleclick.com *.doubleclick.net *.nr-data.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.facebook.com *.aptrinsic.com *.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://maps.omnivasiunta.lt www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io https://unpkg.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io https://geocode.arcgis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io *.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * api.razorpay.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.pushalert.co cdn.razorpay.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com *.googleadservices.com *.gstatic.com *.google.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.pushalert.co checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.pushalert.co lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe https://www.googletagmanager.com/ business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ business.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://www.googletagmanager.com/ https://www.googletagmanager.com/ business.facebook.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com *.mercadopago.com *.mercadopago.com.ar *.mercadopago.cl *.mercadopago.com.co *.mercadopago.com.br *.mercadopago.com.mx *.mercadopago.com.uy *.mercadopago.com.ve *.mercadopago.com.pe http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ business.facebook.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com sandbox.cashfree.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com business.facebook.com api.razorpay.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cashfreelogo.cashfree.com business.facebook.com cdn.razorpay.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com sdk.cashfree.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com business.facebook.com *.avada.io checkout.razorpay.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com business.facebook.com https://get.geojs.io *.avada.io lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.twitter.com *.adyen.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.facebook.com *.pinterest.com *.trustpilot.com *.twitter.com https://snapwidget.com *.adyen.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.bing.com https://r.clarity.ms *.cloudflare.com craftyclicks.co.uk *.demdex.net *.facebook.com fetchify.com *.goldboutique.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googletagmanager.com *.klarna.com *.lightemporium.com *.magentocommerce.com *.paypal.com *.pinterest.com *.elfsightcdn.com *.qpj.de *.qpj.fr *.qpjewellers.com *.rubyandoscar.com *.scarletocean.com *.twimg.com *.twitter.com *.usercentrics.eu *.wisepops.com *.ytimg.com *.clarity.ms https://lantern.roeyecdn.com *.adyen.com *.gstatic.com *.googleapis.com maps.gstatic.com *.trackedlink.net *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bing.com *.clickcease.com *.cloudflare.com cc-cdn.com *.facebook.net *.fontawesome.com *.getdrip.com *.google-analytics.com *.gstatic.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.plerdy.com *.taboola.com *.trackedlink.net *.trustedshops.com *.trustpilot.com *.twimg.com *.twitter.com *.usercentrics.eu https://wisepops.net https://loader.wisepops.com *.zdassets.com *.klarnaservices.com *.klarna.com *.dwin1.com *.clarity.ms https://snapwidget.com *.elfsight.com *.elfsightcdn.com https://d21m4dsqdd3b9h.cloudfront.net https://lantern.roeyecdn.com *.adyen.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com player.vimeo.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com *.klarnacdn.net https://d21m4dsqdd3b9h.cloudfront.net *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.zdassets.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com cc-cdn.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.analytics.google.com *.bootstrapcdn.com *.clarity.ms *.cloudflare.com *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com https://google.com/pay *.googleadservices.com *.klarna.com *.klarnaservices.com *.klarnaevt.com *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.pcapredict.com *.pinterest.com *.plerdy.com *.sandbox.paypal.com *.trackedlink.net *.trustpilot.com *.twimg.com *.twitter.com https://wisepops.net https://activity.wisepops.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.sentry.io *.elfsight.com *.adyen.com *.googleapis.com *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.slack.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blueskytechmage.com mageblueskytech.com placehold.jp blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com s7.addthis.com https://player.vimeo.com https://www.youtube.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com js.mollie.com *.webwinkelkeur.nl 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.clerk.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://www.mollie.com *.clarity.ms *.linkedin.com rvsland.hypernode.io *.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.clerk.io https://cdn.clerk.io chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com js.mollie.com https://magento.com *.cookiebot.com *.clarity.ms *.cookiefirst.com *.licdn.com *.googleoptimize.com/ *.bing.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cookiefirst.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.clarity.ms *.googleapis.com *.google.com *.cookiebot.com *.cookiefirst.com *.g.doubleclick.net *.ads.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.scooterpieces.fr *.cloudfront.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.colissimo.fr *.avis-verifies.com *.mapbox.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.scooterpieces.fr *.twitter.com *.facebook.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com www.googletagmanager.com s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co front.ecard.pledg.co hooks.stripe.com *.scooterpieces.fr *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.colissimo.fr *.avis-verifies.com *.googleapis.com *.googlesyndication.com https://stats.g.doubleclick.net *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com camo.githubusercontent.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.scooterpieces.fr *.cloudfront.net *.cloudflare.com *.gstatic.com *.google.co.in https://www.facebook.com *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com *.google.fr *.googlesyndication.com maps.google.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com cdn.jsdelivr.net connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com https://cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.scooterpieces.fr *.cloudfront.net *.newrelic.com *.nr-data.net *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.googleapis.com *.toto.fr *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googlesyndication.com webcache.googleusercontent.com *.google.fr *.googletagservices.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.jsdelivr.net fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudfront.net *.scooterpieces.fr *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.mapbox.com *.colissimo.fr *.avis-verifies.com webcache.googleusercontent.com *.google.fr *.googleadservices.com *.googlesyndication.com *.google-analytics.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net s3-eu-west-1.amazonaws.com *.front.ecard.pledg.co *.scooterpieces.fr *.nr-data.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.colissimo.fr *.avis-verifies.com *.mapbox.com *.googleapis.com webcache.googleusercontent.com *.googlesyndication.com https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://scooterpieces.fr/; report-to report-endpoint; 1 font-src *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.facebook.net *.yotpo.com 'self'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.facebook.com *.youtube.com *.paypal.com *.yotpo.com *.doubleclick.net *.xtento.com *.googletagmanager.com *.google.com *.hotjar.com acsbapp.com *.acsbap.com *.callindex.co.il *.outbrain.com *.glassix.com *.hotjar.io https://www.googletagmanager.com/ www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com business.facebook.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.google.com *.google.com.vn *.google.co.il https://www.google *.magentocommerce.com *.paypal.com *.paypalobjects.com *.ytimg.com *.adscale.com *.outbrain.com www.xtento.com *.doubleclick.net *.googleapis.com data: *.hotjar.com *.hotjar.io *.web-view.net *.google.com.sg http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.google.fr *.google.ie cdn.xtento.com 'self'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net business.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.fontawesome.com *.gstatic.com *.adscale.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.analytics.com *.youtube.com *.xtento.com *.paypal.com *.paypalobjects.com *.hotjar.com *.hotjar.io *.callindex.co.il *.outbrain.com *.glassix.com *.acsbapp.com acsbapp.com acsbap.com *.web-view.net *.jquery.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.fr *.google.ie googleads.g.doubleclick.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com *.adscale.com *.web-view.net maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com business.facebook.com *.doubleclick.net *.analytics.com *.facebook.net *.google-analytics.com *.googleapis.com *.glassix.com *.acsbapp.com acsbap.com *.outbrain.com *.hotjar.com *.hotjar.io http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' data: ;font-src 'self' data: fonts.gstatic.com *.zbozi.cz *.smartsuppcdn.com ;connect-src 'self' data: application/octet-stream blob: *.google.com *.google.cz *.googleapis.com *.google-analytics.com www.googletagmanager.com *.zbozi.cz *.pingdom.net *.doubleclick.net *.facebook.com *.biano.cz *.gstatic.com *.googlesyndication.com *.clarity.ms wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;form-action 'self' *.facebook.com *.facebook.net ;frame-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;worker-src 'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;frame-ancestors 'self' ;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.senesi.cz *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie iplatba.cz *.imedia.cz *.heureka.cz *.facebook.com *.facebook.net *.zbozi.cz *.seznam.cz *.biano.cz *.clarity.ms c.bing.com *.instagram.com *.smartsuppcdn.com https://files.packeta.com *.foxentry.cz *.leady.com ;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.zbozi.cz *.gstatic.com *.smartsuppcdn.com *.foxentry.cz www.googletagmanager.com ;object-src 'self' blob: ; report-uri /frontendreport/report/ 1 font-src fonts.gstatic.com use.typekit.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.facebook.com https://seers-application-assets.s3.amazonaws.com https://www.google.es www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ widget.freshworks.com m2epro.freshdesk.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com widget.freshworks.com m2epro.freshdesk.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.seersco.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net qa-api.magedevteam.com widget.freshworks.com m2epro.freshdesk.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://sandbox.sequracdn.com https://live.sequracdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google-analytics.com www.googletagmanager.com *.facebook.com analytics.google.com *.facebook.net www.google.com app.chaport.com server.chaport.com assets.chaport.com *.gstatic.com cdn.jsdelivr.net www.google.co.th *.addthis.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.fontawesome.com applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.fonts.googleapis.com data: *.cloudflare.com *.yotpo.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com api.payplug.com secure.payplug.com webservices.securetrading.net *.google.com *.addthis.com *.pinterest.com *.trustpilot.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com business.facebook.com https://images.unsplash.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.facebook.com business.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.payplug.com applepay.cdn-apple.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com webservices.securetrading.net songbirdstag.cardinalcommerce.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com business.facebook.com int-ecommerce.nexi.it ecommerce.nexi.it https://get.geojs.io *.avada.io www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com o402164.ingest.sentry.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com *.google-analytics.com analytics.google.com *.facebook.net https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.googletagmanager.com/ *.trustpilot.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com 'self' data: *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net cdn-scripts.signifyd.com www.youtube.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.google.com *.gstatic.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.gstatic.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io t.elasticsuite.io *.google-analytics.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src api.ebizcharges.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com *.google.com *.doubleclick.net *.facebook.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com scontent.cdninstagram.com *.kxcdn.com amcglobal.sc.omtrdc.net *.twitter.com *.googleapis.com google.com *.glami.bg www.xtento.com cdn.xtento.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.googleapis.com google.com cdn.ampproject.org www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.avada.io *.glami.bg www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com google.com *.kxcdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com dpm.demdex.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/reportOnly 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.it/pr-csp/report/add/; report-to report-endpoint; 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.ppl.cz data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.addthis.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com maps.gstatic.com https://im9.cz https://www.google.sk https://www.google.cz https://www.google.com https://www.google.hu https://www.google.de https://www.google.it https://www.google.fr https://bat.bing.com https://c.bing.com https://c.clarity.ms https://static.compari.ro https://p1.akcdn.net https://static.arukereso.hu https://takoy.sk https://c.seznam.cz https://cm.g.doubleclick.net https://x.bidswitch.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://criteo-sync.teads.tv https://eb2.3lift.com https://ups.analytics.yahoo.com https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://gum.criteo.com https://*.criteo.com https://widgets.trustedshops.com https://d3k81ch9hvuctc.cloudfront.net https://id5-sync.com https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://beacon.krxd.net https://s.thebrighttag.com https://public-prod-dspcookiematching.dmxleo.com https://www.heureka.sk https://www.heureka.cz *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io www.google.sk js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.google.sk www.sk.im9.cz https://im9.cz www.im9.cz www.freeprivacypolicy.com ssl.heureka.sk s.pinimg.com https://bat.bing.com login.dognet.sk https://sk.im9.cz https://www.clarity.ms https://analytics.tiktok.com https://widget.packeta.com https://ssl.heureka.cz https://static.arukereso.hu https://www.heureka.cz https://dynamic.criteo.com https://c.seznam.cz https://sslwidget.criteo.com https://widgets.trustedshops.com https://static.compari.ro https://apis.google.com https://cdn.stape.io https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com https://static.arukereso.hu https://www.ppl.cz https://static.compari.ro tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com https://graph.instagram.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://ct.pinterest.com https://static.compari.ro https://q.clarity.ms https://stats.g.doubleclick.net https://static.arukereso.hu https://analytics.tiktok.com https://bat.bing.com https://measurement-api.criteo.com https://www.google https://analytics.pangle-ads.com https://metrics.takoy.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://takoy.ro/pr-csp/report/add/; report-to report-endpoint; 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: *.dhlparcel.nl *.cloudfront.net *.cloudflare.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors https://api.clerk.io https://cdn.clerk.io 'self'; frame-src fast.amc.demdex.net *.adobe.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net js.mollie.com https://plumrocket.com https://remove.video/ *.clerk.io www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://cdn.clerk.io https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.sooqr.com flagpedia.net https://www.mollie.com 'self' data: *.snapppt.com *.cdninstagram.com *.cloudflare.com *.tantebetsy.nl *.tantebetsy.com *.google.com *.addsauce.com *.bing.com *.facebook.com www.google.nl *.gstatic.com maps.googleapis.com www.xtento.com cdn.xtento.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.sooqr.com *.gstatic.com maps.googleapis.com js.mollie.com *.google.com *.dhlparcel.nl snapppt.com *.snapppt.com *.cloudfront.net *.clerk.io *.cookiecode.nl *.addsauce.com *.bing.com *.facebook.net *.clarity.ms www.xtento.com cdn.xtento.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.clerk.io https://cdn.clerk.io https://static.klaviyo.com *.fontawesome.com *.sooqr.com maxcdn.bootstrapcdn.com *.gstatic.com *.googleapis.com *.dhlparcel.nl *.cloudfront.net tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.ingest.sentry.io www.gstatic.com maps.googleapis.com t.elasticsuite.io *.google-analytics.com snapppt.com *.cookiecode.nl *.google.com *.addsauce.com *.doubleclick.net *.clarity.ms *.gstatic.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.klarna.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sendcloud.sc *.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.buckaroo.nl https://images.unsplash.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com maps.gstatic.com www.magmodules.eu *.squeezely.tech www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl *.klarna.com *.klarnacdn.net *.klarnaservices.com js.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.sendcloud.sc *.jsdelivr.net maps.googleapis.com squeezely.tech www.squeezely.tech *.squeezely.tech www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.klarnacdn.net *.fontawesome.com https://widgets.trustedshops.com https://integrations.etrusted.com unsafe-inline *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.trustedshops.com *.etrusted.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com squeezely.tech *.squeezely.tech 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src 'self' data: https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; report-uri https://hi.report-uri.com/r/d/csp/reportOnly 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mobilpay.ro 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://*.sameday.ro *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.avada.io https://*.sameday.ro 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com https://*.sameday.ro *.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io ekyc.blob.core.windows.net apiro.id-kyc.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com *.gstatic.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com applepay.cdn-apple.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com *.www.sandbox.paypal.com *.images.unsplash.com https://cdn.payplug.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://seo.mageplaza.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com *.www.sandbox.paypal.com *.images.unsplash.com https://connect.facebook.net https://www.facebook.com https://cdn.payplug.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://static.addtoany.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * js.stripe.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de api.payplug.com secure.payplug.com https://connect.facebook.net https://www.facebook.com https://cdn.payplug.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://images.unsplash.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com cdn.doofinder.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com https://www.sandbox.paypal.com https://tibiona.it https://connect.facebook.net https://www.facebook.com https://placehold.co https://cdn.payplug.com https://tibiona.b-cdn.net https://www.google.it https://imgsct.cookiebot.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.addtoany.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com js.stripe.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com cdn.doofinder.com *.avada.io api.payplug.com applepay.cdn-apple.com https://cdn.payplug.com/js/integrated-payment/ https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com https://www.sandbox.paypal.com https://images.unsplash.com https://dev.tibiona.fr https://dev.tibiona.es https://connect.facebook.net https://www.facebook.com https://cdn.payplug.com https://sibautomation.com https://chatbot.simplified.com https://googleads.g.doubleclick.net https://api.uxsniff.com https://consent.cookiebot.com https://consentcdn.cookiebot.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.doofinder.com *.fontawesome.com https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com https://www.sandbox.paypal.com https://images.unsplash.com https://www.facebook.com https://dev.tibiona.en https://cdn.payplug.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://stats.addtoany.com/menu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.doofinder.com wss://*.doofinder.com https://get.geojs.io *.avada.io https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com *.www.sandbox.paypal.com *.images.unsplash.com https://connect.facebook.net https://www.facebook.com https://cdn.payplug.com https://in-automate.brevo.com https://googleads.g.doubleclick.net https://api.uxsniff.com https://consentcdn.cookiebot.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com https://www.sandbox.paypal.com https://images.unsplash.com https://connect.facebook.net https://www.facebook.com https://cdn.payplug.com https://api.uxsniff.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://eu1-search.doofinder.com https://cdn.doofinder.com https://widget.feedaty.com https://www.sandbox.paypal.com https://images.unsplash.com https://connect.facebook.net https://www.facebook.com https://cdn.payplug.com https://chatbot.simplified.com https://googleads.g.doubleclick.net https://api.uxsniff.com 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com *.gstatic.com data: fonts.googleapis.com *.fontawesome.com *.fonts.googleapis.com *.cloudflare.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com https://app.hubspot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com *.instagram.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.google.com *.addthis.com *.pinterest.com https://app.hubspot.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.cdninstagram.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com https://forms.hsforms.com https://track.hubspot.com https://www.google.com https://www.google.com.bo *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.usemessages.com https://js.hs-analytics.net https://api.hubspot.com https://forms.hubspot.com https://js-agent.newrelic.com https://bam.nr-data.net https://js-na1.hs-scripts.com https://js.hubspotfeedback.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-banner.net https://cdn2.hubspot.net https://static.hsappstatic.net https://feedback.hubapi.com https://hubspot.com https://hubspotusercontentxx.net https://hsforms.net https://hsforms.com https://vidyard.com https://googleads.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.googleapis.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de webchat.dotdigital.com *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://api.hubspot.com https://forms.hubspot.com https://bam.nr-data.net https://js-na1.hs-scripts.com https://js.hubspotfeedback.com forms.hscollectedforms.net https://stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.alothemes.com *.magepow.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.youtube.com/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.alothemes.com *.magepow.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.alothemes.com *.magepow.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.alothemes.com *.magepow.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.alothemes.com *.magepow.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.redsys.es https://3ds.vinea.es *.americanexpress.com *.facebook.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net https://3ds.redsys.es/ https://td.doubleclick.net/ *.facebook.net https://3ds.vinea.es *.americanexpress.com *.googlesyndication.com *.facebook.com *.paypalobjects.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.adyen.com *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com *.google.es *.bing.com *.tradetracker.net *.facebook.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com s.ytimg.com validator.swagger.io *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.cdn.klarna.com data: *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net *.facebook.net *.doubleclick.net *.googlesyndication.com *.google.es *.google.com *.bing.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.youtube.com video.google.com *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com getfirebug.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.facebook.net *.facebook.com *.bing.com *.doubleclick.net *.googlesyndication.com *.google.es *.google.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com https://plumrocket.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.paypal.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.unicreditconsumerfinancing.info data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.googleapis.com https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://store.plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es secure.payu.com merch-prod.snd.payu.com https://store.plumrocket.com api.razorpay.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es static.payu.com cdn.razorpay.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.avada.io secure.payu.com secure.snd.payu.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es secure.payu.com merch-prod.snd.payu.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de scontent.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com google.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.googleapis.com google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.valerisport.it webstats.consultarea.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ int-ecommerce.nexi.it ecommerce.nexi.it www.google.com www.gstatic.com s7.addthis.com *.googletagmanager.com *.facebook.net *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com www.valerisport.it/ webstats.consultarea.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline fonts.googleapis.com www.valerisport.it 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com int-ecommerce.nexi.it ecommerce.nexi.it ekr.zdassets.com/ *.google-analytics.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com webstats.consultarea.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Isd4Fo-5Z1Jxk2QUN-9dYQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com https://fonts.gstatic.com 'self' data: *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.com *.google.com.co c.bing.com *.gstatic.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com s7.addthis.com *.avada.io https://player.vimeo.com https://www.youtube.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.doubleclick.net analytics.google.com cdn.connectif.cloud *.hotjar.com *.clarity.ms connect.facebook.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com unsafe-inline tagmanager.google.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com ekr.zdassets.com/ https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com.co analytics.google.com *.clarity.ms stats.g.doubleclick.net am1-api.connectif.cloud content.hotjar.io *.hotjar.com *.facebook.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.svea.com https://*.vipps.no https://*.trustly.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https://td.doubleclick.net/ *.doubleclick.net td.doubleclick.net fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com www.facebook.com static.addtoany.com vars.hotjar.com ct.pinterest.com checkoutapi.svea.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com *.weltpixel.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.svea.com; img-src *.google.pl www.google.pl px4.ads.linkedin.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.google.se merit.soliditet.se maps.gstatic.com maps.googleapis.com ct.pinterest.com s.pinimg.com www.google.co.uk px.ads.linkedin.com cookie-cdn.cookiepro.com *.trustpilot.net *.trustpilot.com connect.facebook.net graph.facebook.com business.facebook.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pod-29.zendesk.com https://pod-29.zendesk.com/sc/faye assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com static.addtoany.com maps.googleapis.com cookie-cdn.cookiepro.com static.zdassets.com script.hotjar.com static.hotjar.com snap.licdn.com s.pinimg.com checkoutapi.svea.com connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.googletagmanager.com tagmanager.google.com s7.addthis.com *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.svea.com; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com fonts.googleapis.com *.trustpilot.com https://static.klaviyo.com tagmanager.google.com https://cdn.jsdelivr.net *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.pod-29.zendesk.com https://pod-29.zendesk.com/sc/faye *.zendesk.com *.hotjar.io dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com ct.pinterest.com stats.g.doubleclick.net cookie-cdn.cookiepro.com vesaniswedenab.zendesk.com pagead2.googlesyndication.com geolocation.onetrust.com *.analytics.google.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google-analytics.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com t.elasticsuite.io; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.snapmint.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.facebook.com https://www.facebook.com *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.twitter.com *.youtube.com/ *.consensu.org *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com *.victorsport.in *.facebook.net *.facebook.com cdn.razorpay.com assets.snapmint.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.trackedlink.net *.google.com *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com checkout.razorpay.com api.snapmint.com assets.snapmint.com sandboxapi.snapmint.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.trackedlink.net *.ampproject.org *.sharethis.com *.snapmint.com *.facebook.net *.facebook.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bcp.crwdcntrl.net *.facebook.net www.google.com analytics.google.com www.viriyah.com www.google.co.th l.sharethis.com buttons-config.sharethis.com data.stbuttons.click *.facebook.com www.googletagmanager.com *.doubleclick.net adservice.google.com c.ltmsphrcl.net vc.hotjar.io *.googleapis.com *.hotjar.com platform-cdn.sharethis.com *.gstatic.com platform-api.sharethis.com www.google-analytics.com sync.sharethis.com t.sharethis.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.addthis.com *.google.com/ *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://images.unsplash.com https://www.magezon.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.addthis.com https://z.moatads.com https://v1.addthisedge.com https://cdn.jsdelivr.net s7.addthis.com *.google.com/ *.mlstatic.com *.mercadopago.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.jsdelivr.net unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.sandbox.paypal.com https://www.paypal.com ekr.zdassets.com/ *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri /api/v1/csp/report;script-src cdn.usersnap.com api.usersnap.com cdn.procademy.nl cdn.jsdelivr.net 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/fullcalendar/3.9.0/fullcalendar.min.js 'unsafe-eval' js-agent.newrelic.com/ bam.nr-data.net stats.pusher.com ws-eu.pusher.com/ https://player.vimeo.com/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://cdn.procademy.nl stonly.com/js/widget/v2/ https://www.youtube.com;font-src cdn.procademy.nl cdnjs.cloudflare.com 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com/bootstrap/3.0.0/fonts/ fonts.googleapis.com https://cdn.procademy.nl;style-src cdn.procademy.nl cdn.jsdelivr.net https://cdn.jsdelivr.net 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.procademy.nl;media-src vmbo-bwinet.nl www.vmbo-bwinet.nl editor.procademy.nl mediastream: 'self' blob:;default-src 'self' 'unsafe-inline' 'unsafe-eval' https: editor.procademy.nl vimeo.com gcs-vimeo.akamaized.net;img-src https: data: blob:;child-src 'self' esser-emmerik.freshdesk.com www.youtube.com;frame-src 'self' h5p.org/ drive.google.com docs.google.com www.youtube-nocookie.com www.youtube.com youtu.be www.youtube.be/ w.soundcloud.com www.slideshare.net/ player.vimeo.com support.procademy.nl/ https://s.stonly.com;connect-src https: 'self' wss://ws-eu.pusher.com/ wss://ws.pusherapp.com/app/ bam.nr-data.net https://ecs.us1.twilio.com wss://global.vss.twilio.com wss://sdkgw.us1.twilio.com;worker-src 'self' blob: 1 upgrade-insecure-requests; default-src 'none'; object-src 'self'; media-src 'self'; connect-src 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com; img-src 'self' data: https://www.google-analytics.com https://maps.gstatic.com https://csi.gstatic.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'nonce-d99a4ed5cb745e8e46893b65aad2f5ab4eceb0a1' 'sha256-NeueIEO8rwnaeJW0jYHRwrarPP+KzGzhk6xBJ06ntlw=' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://maps.googleapis.com; 1 font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://geowidget.easypack24.net https://fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com secure.payu.com merch-prod.snd.payu.com https://geowidget-app.inpost.pl/ https://app2.salesmanago.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com static.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.glami.pl *.pixel.wp.pl *.imgsct.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com secure.payu.com secure.snd.payu.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org *.googletagmanager.com *.opineo.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline https://geowidget.easypack24.net https://geowidget.inpost.pl *.typekit.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com https://*.ingest.sentry.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com secure.payu.com merch-prod.snd.payu.com *.easypack24.net *.inpost.pl *.openstreetmap.org *.vc-service.saleago.com ws: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src fonts.gstatic.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: cdn.doofinder.com https://a.klaviyo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com cdn.ampproject.org raw.githubusercontent.com jquery.sellxed.com cdn.doofinder.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com fonts.googleapis.com *.doofinder.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com cdn.ampproject.org *.doofinder.com wss://*.doofinder.com https://static.klaviyo.com https://fast.a.klaviyo.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.tawk.to data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com *.tawk.to 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com api.razorpay.com *.tawk.to 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com cdn.razorpay.com *.tawk.to cdn.jsdelivr.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.youtube.com s7.addthis.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.razorpay.com *.tawk.to cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com unsafe-inline *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com lumberjack.razorpay.com *.tawk.to wss://*.tawk.to 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 font-src fonts.gstatic.com use.typekit.net lora-sdk.belive.sg *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com static.addtoany.com www.facebook.com *.fls.doubleclick.net www.mewatch.sg connect.facebook.net graph.facebook.com business.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com *.mediacorp.sg pubads.g.doubleclick.net iframe-clients.belive.sg lora-sdk.belive.sg connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com static.addtoany.com jsd-widget.atlassian.com www.facebook.com *.mediacorp.sg analytics.tiktok.com js-agent.newrelic.com bam.nr-data.net lora-sdk.belive.sg connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.belive.sg 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com jsd-widget.atlassian.com api-private.atlassian.com analytics.tiktok.com bam.nr-data.net iframe-api.belive.sg lora-tracking.belive.sg www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src ; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-DwyXbPbahPIBiX7FwZn-dA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es cdn.dnky.co webchat.dotdigital.com www.googletagmanager.com https://plumrocket.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.avada.io connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.fontawesome.com https://fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com *.youtube.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://code.responsivevoice.org 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-luD5CYSrhVN+4FJAewZwCdPx2pi4i5QJcpvEtKmk690='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-ANOlmwvM7qt7ovsYFLSSvg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-scVKp_5CodnzPU2YlCuvzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com *.google.com https://platform.twitter.com https://www.googletagmanager.com https://www.google-analytics.com/ https://www.xj-storage.jp/public-graph/table/AS02420/ https://www.xj-storage.jp/public-graph-at/table/AS02420/ https://www.xj-storage.jp/public-list/ https://cache.dga.jp/s/sanyodk/ https://al-s.dc-tag.jp/dcam.min.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/ https://platform.twitter.com/widgets.js https://www.clarity.ms/ https://extend.vimeocdn.com/ga/ https://cdn.cookie.sync.usonar.jp/ https://ip2c.landscape.co.jp/lbcapi/ https://apis.usonar.jp/alog/ https://partner.googleadservices.com/ https://cookie.sync.usonar.jp/v1/ https://www.gstatic.com/ https://kitchen.juicer.cc/ https://cdn.kitchen.juicer.cc/ https://cdn.treasuredata.com/sdk/1.9.1/td.min.js https://cdn.id5-sync.com/api/1.0/id5-api.js https://dmp.im-apps.net/ https://in.treasuredata.com/ https://s.dc-tag.jp/ https://cdn.audiencedata.net/ 1 font-src *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com 'self' data: *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com *.olark.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.yotpo.com www.googletagmanager.com *.twitter.com *.google.com *.googleapi.com *.facebook.com *.paypalobjects.com *.olark.com *.doubleclick.net https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.yotpo.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com store.paradoxlabs.com *.cloudflare.com *.gstatic.com *.googleapis.com *.google.com.vn *.klarna.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.sharethis.com *.snapengage.com *.olark.com *.signifyd.com *.doubleclick.net *.cloudfront.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://chimpstatic.com downloads.mailchimp.com *.list-manage.com s7.addthis.com *.yotpo.com connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.authorize.net *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.sharethis.com *.digicert.com *.aweber.com *.googleapis.com *.snapengage.com *.olark.com *.doubleclick.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src downloads.mailchimp.com *.fontawesome.com *.yotpo.com *.googleapis.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.google.com *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.olark.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.olark.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io ekr.zdassets.com/ *.yotpo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.authorize.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.facebook.com *.sharethis.com *.olark.com bt.signifyd.com:11103 *.doubleclick.net https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-Ff8wD-KfLVxQRhXxvNbVDw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: bam.nr-data.net analytics.google.com cdn.cookielaw.org *.facebook.net *.campusdish.com bot.emplifi.io *.gstatic.com *.doubleclick.net *.facebook.com www.google.com *.googleapis.com client-analytics.braintreegateway.com region1.analytics.google.com js-agent.newrelic.com *.paypal.com www.googletagmanager.com www.google.ca api.astutebot.com embedsocial.com *.onetrust.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-RRL6KXmd-QIt6G2_R233Nw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com *.tawk.to *.jsdelivr.net https://sc-static.net/font/RobotoMono-Regular.ttf https://sc-static.net/font/Graphik-Medium.ttf https://sc-static.net/font/Graphik-Regular.ttf https://dp-event-collector.tabby.ai/v1/t checkout.tabby.ai *.mouseflow.com *.cloudflare.com *.twitter.com *.google.com *.google.ae *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.google-analytics.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.sc-static.net *.facebook.com *.tabby.ai *.google-analytics.com *.mouseflow.com *.ccavenue.com *.facebook.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.twitter.com *.gstatic.com checkout.tabby.ai *.sc-static.net *.facebook.com *.google-analytics.com *.ccavenue.com landofcoder.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.tawk.to *.jsdelivr.net *.sc-static.net https://dp-event-collector.tabby.ai/v1/t checkout.tabby.ai *.mouseflow.com *.cloudflare.com *.google.ae https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.connect.facebook.net https://stats.g.doubleclick.net https://x.bidswitch.net/sync *.ccavenue.com *.facebook.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com *.twitter.com checkout.tabby.ai *.jsdelivr.net https://dp-event-collector.tabby.ai/v1/t *.google.ae *.mouseflow.com *.facebook.com *.sc-static.net *.googleadservices.com *.google-analytics.com *.twimg.com *.fontawesome.com *.tawk.to https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://sc-static.net/sc-pixel-helper.min.js *.ccavenue.com landofcoder.com s7.addthis.com *.facebook.net *.google.com.ua *.google.co.uk *.google.nl *.google.be *.google.de *.doubleclick.net *.avada.io maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.tawk.to *.jsdelivr.net *.sc-static.net https://dp-event-collector.tabby.ai/v1/t *.tabby.ai *.mouseflow.com *.cloudflare.com *.twitter.com *.google.ae *.facebook.com *.twimg.com *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.googletagmanager.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com *.tawk.to *.jsdelivr.net *.sc-static.net https://dp-event-collector.tabby.ai/v1/t checkout.tabby.ai *.mouseflow.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.ae *.facebook.com *.google-analytics.com *.ccavenue.com landofcoder.com ekr.zdassets.com/ *.facebook.net https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-f0gpWQ5A0uxeRfYEYq-ELA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-S5MFQ58jM2Q0LwIPinnEZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.googleapis.com *.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com *.trackedlink.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com libraries.unbxdapi.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal www.google.com/recaptcha/ www.gstatic.com/recaptcha/ facebook.net connect.facebook.net facebook.com delta.pedders.com.au js.adsrvr.org js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com libraries.unbxdapi.com cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com delta.pedders.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com search.unbxd.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dev.virtualearth.net https://*.bing.com https://*.exactbid.com https://*.newrelic.com https://bam.nr-data.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dev.virtualearth.net https://*.bing.com https://*.exactbid.com https://*.newrelic.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://fonts.gstatic.com; media-src 'self'; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://bam.nr-data.net https://api.pwnedpasswords.com https://bam.nr-data.net; form-action 'self' https://report2.exactbid.com https://reportx8.exactbid.com; frame-src 'self' https://report2.exactbid.com https://www.google.com https://reportx8.exactbid.com; report-to default 1 object-src 'none';base-uri 'self';script-src 'nonce-JAzLuMUmhqwWb0zUez36eA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src https://www.googletagmanager.com *.googleapis.com *.gstatic.com https://widgets.xsellco.com/ https://x.klarnacdn.net/ https://cdn.bathroomtakeaway.com/ 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors https://widgets.xsellco.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com https://widgets.xsellco.com/ www.facebook.com *.ubembed.com *.doubleclick.net connect.facebook.net graph.facebook.com business.facebook.com *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com https://bathroomtakeaway.com/ https://cdn.bathroomtakeaway.com/ https://c.clarity.ms/ https://c.bing.com/ www.facebook.com *.google.com/ https://google.com/ https://www.google.com.hk/ *.google.co.uk/ https://www.bathroomtakeaway.co.uk/ ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com tagmanager.google.com https://www.googletagmanager.com *.facebook.net/ www.facebook.com *.bathroomtakeaway.com/ *.bing.com/ https://widgets.xsellco.com/ https://www.clarity.ms/ https://www.googletagmanager.com/ https://eu-library.klarnaservices.com/ *.klarna.com/ *.tiktok.com/ *.doubleclick.net *.ubembed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com connect.facebook.net graph.facebook.com business.facebook.com *.hsforms.net *.hsforms.com *.google.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://www.googletagmanager.com tagmanager.google.com *.googleapis.com https://cdn.bathroomtakeaway.com/ https://widgets.xsellco.com/ https://x.klarnacdn.net/ *.doubleclick.net *.ubembed.com downloads.mailchimp.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com https://www.google-analytics.com *.bathroomtakeaway.com/ https://widgets.xsellco.com/ *.doubleclick.net/ https://api.craftyclicks.co.uk/ https://invitejs.trustpilot.com/ *.clarity.ms/ https://evt-eu.klarnaservices.com/ *.klarna.com/ *.google.com/ *.googlesyndication.com/ https://google.com/ www.facebook.com *.tiktok.com/ *.ubembed.com connect.facebook.net graph.facebook.com business.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' ou.okta.com *.oktacdn.com; connect-src 'self' ou.okta.com ou-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com ou.kerberos.okta.com ou.mtls.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' ou.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' ou.okta.com *.oktacdn.com; frame-src 'self' ou.okta.com ou-admin.okta.com login.okta.com; img-src 'self' ou.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' ou.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' 1 font-src *.sagepay.com *.klevu.com *.ksearchnet.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.sagepay.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.trackedlink.net *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com js.klevu.com *.ksearchnet.com *.nosto.com *.nos.to assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.klevu.com *.ksearchnet.com *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src apps.bazaarvoice.com assets.tailwindapp.com at.alicdn.com cdn-uicons.flaticon.com cdnjs.cloudflare.com cdn.honey.io cdn.joinhoney.com cdn.scite.ai ecomm-cdn.trurating.com fast.wistia.com fast.wistia.net fonts.gstatic.com font.static.useinsider.com *.hotjar.com insight.adsrvr.org match.adsrvr.org pro.fontawesome.com shopping.qantas.com static.zipmoney.com.au www.slant.co zip-co-media.s3.ap-southeast-2.amazonaws.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com ct.pinterest.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 12757253.fls.doubleclick.net 12761252.fls.doubleclick.net 6895031.fls.doubleclick.net 8219837.fls.doubleclick.net accentgroup.formstack.com analytics.tiktok.com aus59.dayforcehcm.com ausaz231.dayforcehcm.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com drwnt-pr11.ntschools.net gateway.zscalerthree.net www.googleapis.com insight.adsrvr.org insight.adsrvr.org.x.84c439f70e5c7046810abf7058a74d187b80.43d75326.id.opendns.com invidious.projectsegfau.lt match.adsrvr.org my.volumental.com ole.worldmanager.com portal.afterpay.com rcg.demdex.net safe.menlosecurity.com servedby.flashtalking.com socialq.net td.doubleclick.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com tpc.googlesyndication.com www.dayforcehcm.com www.facebook.com www.google.com yt.artemislena.eu 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://static.afterpay.com https://site-assets.afterpay.com/ display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 1f2e7.v.fwmrm.net aa.agkn.com accentgroupsupport.zendesk.com ade.clmbtech.com adgen.socdm.com adservice.google.com adservice.google.com.au adservice.google.se ads.stickyadstv.com adx.dable.io ad.360yield.com ad.as.amanad.adtdp.com ad.doubleclick.net ad.tpmn.co.kr ad.yieldlab.net analytics.tiktok.com api.fillr.com assets.api.useinsider.com cdn.attraqt.io a.twiago.com bam.nr-data.net bat.bing.com beacon.krxd.net cdn.aralego.net cdn.honey.io cloud.shopback.com cms.quantserve.com cm.adform.net cm.adgrx.com cm.g.doubleclick.net connect.facebook.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv *.criteo.com *.criteo.net cs.adingo.jp ct.pinterest.com c.bing.com d3nocrch4qti4v.cloudfront.net developers.google.com df45ay5pw60dy.cloudfront.net dsum-sec.casalemedia.com duuytoqss3gu4.cloudfront.net e1.emxdgt.com eb2.3lift.com ecomm-cdn.trurating.com embed-ssl.wistia.com encrypted-tbn3.gstatic.com engage-assets.volumental.com exchange.mediavine.com fast.wistia.com fast.wistia.net fonts.gstatic.com hb.yahoo.net *.hotjar.com i6.liadm.com ib.adnxs.com id5-sync.com idsync.rlcdn.com image.useinsider.com insight.adsrvr.cn insight.adsrvr.org i.liadm.com jadserve.postrelease.com js-agent.newrelic.com khms0.googleapis.com khms1.googleapis.com lantern.roeye.com lh3.ggpht.com *.lightboxcdn.com log.api.useinsider.com log.pinterest.com maps.googleapis.com maps.gstatic.com matching.ivitrack.com match.adsrvr.org match.prod.bidr.io match.sharethrough.com media.littlebirdie.com.au p25.zdusercontent.com pagead2.googlesyndication.com partner.mediawallahscript.com photos-eu.bazaarvoice.com pixel-sync.sitescout.com pixel.rubiconproject.com pixel.tapad.com pm.w55c.net pos.baidu.com pr-bh.ybp.yahoo.com prf.hn rs.fullstory.com rtb-csync.smartadserver.com r.casalemedia.com s0.2mdn.net scontent.cdninstagram.com secure.adnxs.com sentinel.api.useinsider.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.aralego.com sync.crwdcntrl.net sync.ipredictive.com sync.outbrain.com s.ad.smaato.net s.thebrighttag.com s.trackonomics.net tags.bluekai.com tapestry.tapad.com tg.socdm.com *.theathletesfoot.com.au *.theathletesfoot.co.nz translate.google.com trends.revcontent.com um.simpli.fi ups.analytics.yahoo.com visitor.omnitagjs.com wp-log.api.useinsider.com www.bing.com www.facebook.com www.google.ae www.google.al www.google.at www.google.az www.google.ba www.google.be www.google.bg www.google.bs www.google.bt www.google.by www.google.ca www.google.cd www.google.ch www.google.ci www.google.cl www.google.cn www.google.com.ag www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.co www.google.com.cy www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vn www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.tz www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.kg www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.me www.google.mk www.google.mn www.google.mu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk www.google.sr www.google.tn www.google.tt www.google.vu www.google.ws www.ist-track.com www.littlebirdie.com.au x.bidswitch.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com ad.doubleclick.net analytics.tiktok.com api.useinsider.com assets.api.useinsider.com assets.pinterest.com bam.nr-data.net bat.bing.com cdn.attraqt.io chat.gosquared.com configaus2.veinteractive.com connect.facebook.net *.criteo.com *.criteo.net ct.pinterest.com d1l6p2sc9645hc.cloudfront.net data2.gosquared.com data.gosquared.com dkupaw9ae63a8.cloudfront.net ecomm-cdn.trurating.com ecommwidget.trurating.com edge.fullstory.com eitri.api.useinsider.com fast.wistia.com fast.wistia.net *.forter.com foursixty.com googletagmanager.com stats.g.doubleclick.net *.hotjar.com https://www.google-analytics.com insight.adsrvr.org js-agent.newrelic.com js.adsrvr.org lantern.roeyecdn.com *.lightboxcdn.com loader.wisepops.com maps.googleapis.com match.adsrvr.org pagead2.googlesyndication.com pixel.roymorgan.com polyfill.io rs.fullstory.com srd.bazaarvoice.com static.zdassets.com s.pinimg.com s.retargeted.co tag.benchplatform.com test.socialq.net theathletesfootau.api.useinsider.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au *.theathletesfoot.co.nz tpc.googlesyndication.com t.cfjump.com unpkg.com widget-mediator.zopim.com wss://widget-mediator.zopim.com www.everestjs.net www.googletagservices.com www.google.com www.ist-track.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com display.ugc.bazaarvoice.com unsafe-inline apps.bazaarvoice.com assets.api.useinsider.com cdn.honey.io fast.wistia.com fonts.googleapis.com foursixty.com www.googletagmanager.com *.lightboxcdn.com pwm-image.trendmicro.com www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com api.retargeted.co ausaz231.dayforcehcm.com cdn.attraqt.io connect.facebook.net *.criteo.com embed-cloudfront.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net fast.wistia.com *.forter.com googleads.g.doubleclick.net insight.adsrvr.org match.adsrvr.org region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com static.zdassets.com td.doubleclick.net www.bing.com www.googletagmanager.com www.google.com.hk www.google.co.in www.google.gr 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com abacus.api.useinsider.com adobedc.demdex.net adservice.google.com ad.doubleclick.net analytics.tiktok.com api.retargeted.co api.trongrid.io api.useinsider.com bam.nr-data.net bat.bing.com carrier.useinsider.com collect-ap2.attraqt.io content.hotjar.io *.criteo.com cs.hae123.cn ct.pinterest.com d1wix2gc2cgqis.cloudfront.net d2o5idwacg3gyw.cloudfront.net d3in1te4fdays6.cloudfront.net devtools-euw1c-interaction-server-004-mobile.browserstack.com distillery.wistia.com doublestat.info ecmacore.com ecommapi.trurating.com edge.fullstory.com ekr.zdassets.com embed-cloudfront.wistia.com embed-ssl.wistia.com fast.wistia.com fast.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.forter.com foursixty.com googleads4.g.doubleclick.net hit.api.useinsider.com *.hotjar.com ip.x2convert.com jb-on-site.api.useinsider.com locationv2.api.useinsider.com maps.googleapis.com metrics.hotjar.io network-a.bazaarvoice.com pagead2.googlesyndication.com pipedream.wistia.com portal.afterpay.com rcg.api.fluentretail.com rcg.tt.omtrdc.net recommendationv2.api.useinsider.com recommendation.api.useinsider.com region1.google-analytics.com rh.nexus.bazaarvoice.com rs.fullstory.com segment.api.useinsider.com stats.g.doubleclick.net surveystats.hotjar.io tafnz.api.fluentretail.com theathletesfootau.api.useinsider.com theathletesfootcustomercarenz.zendesk.com theathletesfootcustomercare.zendesk.com theathletesfootnz.api.useinsider.com *.theathletesfoot.com.au translate.googleapis.com tru-live-eventhubs.servicebus.windows.net unification.useinsider.com vc.hotjar.io widget-mediator.zopim.com wss://widget-mediator.zopim.com wss://ws.hotjar.com www.facebook.com www.google.com www.google.com.au zendesk-eu.my.sentry.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src edgeshoppingstatic.azureedge.net *.hotjar.com *.lightboxcdn.com wss://cdn0.forter.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.theathletesfoot.com 'self' 'unsafe-inline'; report-uri /_csp-reporting; report-to report-endpoint; 1 script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://secure.east2pony.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1 default-src 'unsafe-inline' 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'unsafe-inline' 'self' *; 1 object-src 'none';base-uri 'self';script-src 'nonce-9pKOjCzBPYPs19pBOjtZsw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oZnkAzihll5qHu3mKuW03w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-y2zi-QHOmyKTY3mSWf_2_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-l42AvZieM-Psxdky2VhM3A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.newrelic.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com 'unsafe-inline' 'unsafe-inline' *.adyen.com 'unsafe-inline' *.google.com 'unsafe-inline' *.gstatic.com 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval'; worker-src blob:; font-src data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline' *.facebook.com 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src *.force.com nestle-forms.cs.blip.ai *.facebook.com data: *.adyen.com 'self' 'unsafe-inline'; img-src * 'unsafe-inline' data: widgets.magentocommerce.com s.ytimg.com data: *.adyen.com *.google.com 'self' 'unsafe-inline'; script-src *.go-mpulse.net *.evidon.com w.usabilla.com brand-ecommerce-assets.fusepump.com cdn.gbqofs.com *.evgnet.com wcs.naver.net *.salesforce.com sslwidget.criteo.com d22xmn10vbouk4.cloudfront.net *.doubleclick.net *.facebook.net *.force.com *.salesforceliveagent.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleadservices.com s.ytimg.com www.youtube.com *.adyen.com *.google.com google.com *.gstatic.com *.newrelic.com 'unsafe-inline' 'unsafe-eval' *.nr-data.net 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' d2oh4tlt9mrke9.cloudfront.net 'unsafe-inline' 'unsafe-eval' 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.force.com getfirebug.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' stats.g.doubleclick.net *.google-analytics.com *.google.com *.nr-data.net *.force.com wcs.naver.com *.akstat.io c.go-mpulse.net ; child-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; report-uri /services/collector/; 1 script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.williamashley.com www.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.pinimg.com *.livechatinc.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com assets.pinterest.com *.cloudmaestro.com maps.googleapis.com tpc.googlesyndication.com static.zdassets.com; report-uri /.webscale/csp-report 1 default-src https:; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-YqbVjlllhBvGeYT-uR6Msw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net imgs.signifyd.com *.gstatic.com www.google.com analytics.google.com static-tracking.klaviyo.com www.google-analytics.com cdn8.bigcommerce.com a.klaviyo.com *.facebook.com cdnjs.cloudflare.com tasks.gsmoutdoors.com *.doubleclick.net bes.gcp.data.bigcommerce.com cdn11.bigcommerce.com fast.a.klaviyo.com cdn.acsbapp.com api.userway.org static-forms.klaviyo.com www.gsmoutdoors.com region1.analytics.google.com *.cloudfront.net *.googleapis.com phosphor.utils.elfsightcdn.com cdn.userway.org static.klaviyo.com *.hotjar.com *.online-metrix.net cdn77.api.userway.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-sGXHmUpAzRlVHKO3MOl_uQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klarnacdn.net https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.instagram.com *.dotdigital-pages.com *.dotdigital.com *.nosto.com *.nos.to *.klarna.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.trackedlink.net *.nosto.com *.nos.to *.klarna.com *.klarnaevt.com *.klarnacdn.net https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.instagram.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.nosto.com *.nos.to *.klarna.com *.klarnacdn.net *.klarnaservices.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.nosto.com *.nos.to *.klarnacdn.net https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.nosto.com *.nos.to *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src 'self' *.gds-services.com 1 font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-CEL0DnA9rwng3c5lIThptQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' https://api.selftournow.com https://*.microblink.com; frame-ancestors 'self' https://cortland.com https://discover.lennar.com https://www.pinelakespreserve.com https://www.fallsatforsyth.com https://www.sandsparcapartments.com https://www.theoutlookatgreystone.com https://www.carringtonatperimeterpark.com https://www.providencetrail.com https://www.amli.com https://www.buranohunterscreek.com https://www.thedebrametrowest.com https://my.hy.ly; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-eval' https://sightmap.com https://*.unitmap.com https://www.gstatic.com https://www.google.com https://*.googletagmanager.com https://www.googletagmanager.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.imgix.net https://*.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://cdn.cookielaw.org; frame-src 'self' https://*.youtube.com https://youtu.be https://sightmap.com https://imgix.net https://*.imgix.net https://www.google.com; connect-src 'self' https://api.selftournow.com https://*.microblink.com https://*.sentry.io https://sentry.io https://api.amplitude.com https://api.unitmap.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com; worker-src 'self' blob:; child-src 'self' blob:; report-uri https://o93959.ingest.sentry.io/api/5172446/security/?sentry_key=b30313eb3c8443a2a92c4cb036d368e2&sentry_environment=production 1 font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.google.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.affirm.com *.klaviyo.com *.inspectlet.com *.braintree-api.com *.bobcat.com *.okta.com *.facebook.com *.mouseflow.com *.dmctools.com *.mcstaging.dmctools.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.olark.com *.google.com *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.inspectlet.com *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.mouseflow.com *.iwdagency.com *.dmctools.com *.mcstaging.dmctools.com *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com *.magentocommerce.com *.ytimg.com data: *.google.com *.bootstrapcdn.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.google-analytics.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.google.com.ua *.klaviyo.com *.google.com *.google.co.in *.google.nl *.inspectlet.com *.yotpo.com *.mouseflow.com *.certcapture.com *.reddit.com *.linkedin.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.com.ua *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.fontawesome.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.instagram.com *.klaviyo.com *.inspectlet.com *.braintreegateway.com *.braintree-api.com *.mouseflow.com *.certcapture.com *.cloudflare.com *.igodigital.com *.pingdom.net *.dmctools.com *.mcstaging.dmctools.com *.amazonaws.com *.livechatinc.com *.bridgepaynetsecuretest.com *.bridgepaynetsecuretx.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.bootstrapcdn.com *.googleapis.com *.google.com.ua *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.typekit.net *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com *.klaviyo.com *.cloudflare.com *.certcapture.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.bobcat.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.googleapis.com *.cardinalcommerce.com *.google-analytics.com *.certcapture.com *.olark.com *.affirm.com *.groupbycloud.com *.doubleclick.net *.newrelic.com *.nr-data.net *.bobcatparts.com *.fontawesome.com *.googleadservices.com *.facebook.net *.facebook.com *.paypal.com *.paypalobjects.com google.com *.google.com *.google.co.in *.google.com.ua *.klaviyo.com inspectlet.com *.inspectlet.com *.braintreegateway.com *.braintree-api.com *.yotpo.com *.mouseflow.com *.iwdagency.com *.pingdom.net *.dmctools.com *.mcstaging.dmctools.com *.livechatinc.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-cfsoz29pDupiE1Ga7Ma-Aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.gstatic.com fonts.googleapis.com *.fontawesome.com 'unsafe-inline'; img-src 'self' *.googletagmanager.com *.digitaloceanspaces.com *.hubspot.com *.hsforms.com *.google.com analytics.twitter.com t.co *.ytimg.com *.linkedin.com; font-src 'self' *.gstatic.com *.fontawesome.com data:; media-src *; connect-src 'self' analytics.google.com *.google-analytics.com stats.g.doubleclick.net *.hubspot.com *.hscollectedforms.net; frame-src *.google.com app.hubspot.com *.doubleclick.net js.stripe.com 1 default-src 'self' https://ka-f.fontawesome.com;font-src 'self' https://ka-f.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;img-src 'self' https://nvytes-images.s3.amazonaws.com https://img.nvytes.com;script-src 'self' https://kit.fontawesome.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;style-src 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://unpkg.com;media-src 'self' https://player.vimeo.com;frame-ancestors 'self';frame-src 'self' https://player.vimeo.com https://www.youtube.com;form-action 'self';object-src 'none';report-uri https://portal.nvytes.com/csp 1 font-src cdn.jsdelivr.net cdn.almapay.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.getalma.eu https://*.google.com *.doubleclick.net *.facebook.com apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.mollie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.google.com.ua https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com https://www.mollie.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.elfsight.com apps.elfsight.com universe-static.elfsightcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com *.avada.io js.mollie.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.jsdelivr.net fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://cdnjs.cloudflare.com https://static.klaviyo.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com static.elfsight.com pagead2.googlesyndication.com core.service.elfsight.com service-reviews-ultimate.elfsight.com apps.elfsight.com stats.g.doubleclick.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; report-uri https://loans2gowebsites.report-uri.com/r/t/csp/wizard 1 font-src *.googleapis.com *.gstatic.com *.trengo.eu *.cloudflare.com *.google.nl *.bootstrapcdn.com *.fontawesome.com *.fonts.googleapis.com data: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.trengo.eu 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.trengo.eu https://www.youtube.com http://www.sandbox.paypal.com *.google.nl *.multisafepay.com https://pay.google.com *.google.com *.addthis.com *.pinterest.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.shopforcovers.com *.trengo.eu *.amazonaws.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.paypal.com https://s.ytimg.com *.bing.com *.google.com *.google.co.in *.mastercard.com *.google.nl *.multisafepay.com https://cdn.klarna.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://*.dpdconnect.nl *.youtube.com *.cloudflare.com *.google-analytics.com *.fontawesome.com *.google.com *.google.nl static.widget.trengo.eu *.googletagmanager.com *.trengo.eu widget.freshworks.com m2epro.freshdesk.com *.avada.io *.multisafepay.com https://pay.google.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.trustpilot.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.trengo.eu *.cloudflare.com *.googleapis.com *.gstatic.com *.typekit.net *.fontawesome.com *.google.nl widget.freshworks.com m2epro.freshdesk.com *.multisafepay.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.trengo.eu *.zopim.com *.zopim.io *.google.nl 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.pusher.com wss://ws-eu.pusher.com/ *.trengo.eu *.google.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net *.google.nl *.amazonaws.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.multisafepay.com *.paypal.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.facebook.net assets.adobedtm.com ws.zoominfo.com *.hubspot.com media.imi.chat *.gstatic.com *.addthis.com www.google.com api.hubapi.com *.googleapis.com perf.hsforms.com *.adsrvr.org ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com data: https://kit-free.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.dhlparcel.nl *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com https://vars.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net blob: data: http://backtothetoys.test http://localhost https://spaces-back-to-the-toys.ams3.digitaloceanspaces.com https://spaces-back-to-the-toys.ams3.cdn.digitaloceanspaces.com https://www.google.com https://www.google.nl https://www.facebook.com https://bttt-feeds-frontend.netlify.app https://dev-bttt-feeds-frontend.netlify.app ebizmarts-website.s3.amazonaws.com https://www.mollie.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com https://www.google.com *.google.bg *.googletagmanager.com https://connect.facebook.net *.facebook.net *.doubleclick.net *.google-analytics.com https://bttt-feeds-frontend.netlify.app *.newrelic.com *.nr-data.net https://kit.fontawesome.com https://www.gstatic.com https://static.dhlparcel.nl https://servicepoint-locator.dhlparcel.nl https://spaces-back-to-the-toys.ams3.cdn.digitaloceanspaces.com https://chimpstatic.com https://consent.cookiefirst.com https://www.googletagmanager.com https://static.hotjar.com https://scripts.hotjar.com https://script.hotjar.com http://backtothetoys.test http://localhost https://dev-bttt-feeds-frontend.netlify.app *.chimpstatic.com *.avada.io js.mollie.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com https://bttt-feeds-frontend.netlify.app https://kit-free.fontawesome.com https://fonts.googleapis.com https://hello.myfonts.net https://static.dhlparcel.nl https://consent.cookiefirst.com https://dev-bttt-feeds-frontend.netlify.app *.fontawesome.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.google-analytics.com *.facebook.com *.facebook.net https://static.cookiefirst.com https://stats.g.doubleclick.net https://in.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src e.epayrazor.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-yOQDQYAUfe-GyZRoJQZNag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://polyfill.io; script-src-attr 'self'; style-src 'self' https://cdnjs.cloudflare.com; style-src-attr 'self'; frame-ancestors 'self' 1 default-src 'self' image.spreadshirtmedia.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.go-mpulse.net apis.google.com assets.adobedtm.com *.cloudfront.net nxtck.com ssl.gstatic.com ws.sessioncam.com *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com adtm.spreadshirts.net *.spreadshirt.be ; img-src 'self' data: https: image.spreadshirtmedia.net *.gstatic.com rtb-csync.smartadserver.com pixel.rubiconproject.com pixel.advertising.com dsum-sec.casalemedia.com cotads.adscale.de www.google-analytics.com eu-u.openx.net ih.adscale.de *.akstat.io www.facebook.com dsum-sec.casalemedia.com ad.yieldlab.net secure.adnxs.com mapping.nxtck.com stats.g.doubleclick.net www.google.com www.google.de cm.g.doubleclick.net ads.yahoo.com sync.ligadx.com eb2.3lift.com s.sspqns.com x.bidswitch.net image2.pubmatic.com sync.outbrain.com nxtck.com *.google-analytics.com *.analytics.google.com sanalytics.spreadshirt.be *.spreadshirt.be ; connect-src 'self' https: *.spreadshirt.net *.spreadshirt.com www.google-analytics.com www.google.com *.go-mpulse.net *.akstat.io/ dpm.demdex.net *.google-analytics.com *.analytics.google.com *.spreadshirt.be ; font-src 'self' https: data: *.spreadshirt.be ; style-src 'self' data: 'unsafe-inline' https: *.spreadshirt.be ; object-src 'none' ; media-src image.spreadshirtmedia.net ; frame-src 'self' https: www.google.com accounts.google.com *.spreadshirt.be ; report-uri https://csp.spreadshirts.net/csp/reportOnly ; 1 object-src 'none';base-uri 'self';script-src 'nonce-4rhg4ABsnZ9rjTwPuXfjww' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-7xoMx4n02sOtG0cQy23m2Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src 'self' 'unsafe-inline' cdn.jsdelivr.net code.etracker.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com sf1-eu.readspeaker.com www.etracker.de; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com sf1-eu.readspeaker.com 1 object-src 'none';base-uri 'self';script-src 'nonce-asxY6g2q2I-0S7-0sfuaug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-_5p_DQf1oeWHkIVF0f8HCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-_4HI9FkN-rWz2d6mz-H2HQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TjoqDtu-jNxJJ8ocANjNpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com *.googleapis.com *.maxcdn.bootstrapcdn.com *.yotpo.com *.fontawesome.co *.fontawesome.com *.typekit.net *.fonts.gstatic.com *.cloudflare.com *.trustedshops.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.addthis.com *.addthisedge.com *.snapwidget.com *.google.com *.freshchat.com *.consensu.org *.sharethis.com *.facebook.net *.facebook.com *.doubleclick.net *.twitter.com *.youtube.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.maps.gstatic.com *.gstatic.com *.bing.com *.google.com *.google.mk *.facebook.com *.connect.facebook.net *.facebook.net *.sharethis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.amanatool.com *.cloudfront.net *.cloudflare.com *.klarna.com *.twitter.com *.googleapis.com *.nextopia.net *.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.assets.adobedtm.com *.addthisedge.com *.addthis.com *.moatads.com *.z.moatads.com *.authorize.net *.gstatic.com *.google.com *.googlecommerce.com *.googleapis.com *.ajax.googleapis.com *.cloudflareinsights.com *.snapwidget.com *.freshchat.com *.typekit.net *.woopra.com *.bing.com *.cookiepro.com *.facebook.net *.barilliance.com *.barilliance.net *.inspectlet.com *.doubleclick.net *.onetrust.com *.sharethis.com *.googletagmanager.com *.vector.nextopiasoftware.com *.cloudflare.com *.twitter.com *.google-analytics.com *.trustedshops.com *.fontawesome.com *.maps.googleapis.com maps.googleapis.com cdn.nextopia.net *.ecomm-nav.com https://cdn.searchspring.net/intellisuggest/is.min.js *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.freshchat.com *.cloudflare.com *.twitter.com *.trustedshops.com *.fontawesome.com cdn.nextopia.net *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.cookiepro.com *.doubleclick.net *.sharethis.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleapis.com *.nextopia.net https://beacon.searchspring.io/beacon *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.nextopia.net *.ecomm-nav.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google.com *.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://amanatool.com/; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-u5kVHFcV4W_BFI21mZS3UQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 img-src 'self' data: https://cdn.gtranslate.net https://www.google.com.br https://apps.imaginecommunications.com https://www.googletagmanager.com https://id.rlcdn.com https://px.ads.linkedin.com https://l.sharethis.com https://play.vidyard.com https://fonts.gstatic.com https://www.google.sn https://www.google.co.uk https://www.gstatic.com https://www.google.co.il https://cdn.vidyard.com https://imaginecomm.wpenginepowered.com https://maps.googleapis.com https://www.google.com.au https://www.google.com.tw https://www.google.co.kr blob: https://www.google.com.my https://www.google.ca https://www.google.jo https://www.google.com.vn https://www.google.co.th https://imaginecommunications.com https://www.google.co.jp https://www.google.co.in http://[fdbd:dc05:ff:ff:b849:ee98:d097:765a] https://www.google.com.hk https://translate.googleapis.com https://www.google.com.mx https://www.google.gr https://www.google.com.pe https://www.google.de https://img.en25.com https://www.google.ae https://www.google.com.ph https://www.google.ru https://www.google.fi https://www.google.nl https://www.google.fr http://[fdbd:dc05:ff:ff:3cee:7e6c:bed8:1ec1] https://www.google.es http://[fdbd:dc05:ff:ff:76b0:15bf:71ca:418e] https://www.google.com.qa https://www.google.it https://www.google.se https://www.google.ro https://www.google.com.sa https://www.google.no https://maps.gstatic.com https://www.google.cz https://www.google.com.sg https://www.google.sk https://www.google.com.bh https://www.google.pl https://www.google.com.ar https://translate.google.com https://www.google.com.co https://www.google.com.tr https://www.google.com.bo https://www.google.com.uy https://www.google.dz https://www.google.co.zm https://www.google.hu https://www.google.cl https://www.google.co.cr https://www.google.dk http://[fdbd:dc05:11:624::20] https://www.google.ch http://[fdbd:dc05:ff:ff:59ae:a0c5:82a3:7099] https://www.google.at https://www.google.co.id https://www.google.com.bn https://www.google.az https://www.google.be https://adservice.google.com https://www.google.ge https://www.google.hr https://www.google.ie https://www.google.pt https://stats.g.doubleclick.net https://www.google.com.pk http://[fdbd:dc05:d:740::44] http://[fdbd:dc05:ff:ff:67ed:ff66:967:8a6b] http://[fdbd:dc05:ff:ff:141d:93dc:dc33:5d91] http://[fdbd:dc05:ff:ff:3ec9:4338:8b88:2ae8] http://[fdbd:dc05:ff:ff:a3bc:57ea:72c5:dfdb] http://[fdbd:dc05:ff:ff:7cc4:b927:b315:7bcb] https://www.google.com.mm http://[fdbd:dc05:ff:ff:bac1:7a89:3798:c8bd] https://www.google.com.pa http://[fdbd:dc05:2:804::32] https://www.google.co.ve https://www.google.com.eg http://[fdbd:dc05:ff:ff:6c48:6abd:4c6f:e5f4] http://[fdbd:dc05:ff:ff:2392:82fb:b33a:a88e] https://www.google.iq https://px4.ads.linkedin.com http://[fdbd:dc05:d:92a::12] http://[fdbd:dc05:ff:ff:fcde:cf3a:a6a1:8532] http://[fdbd:dc05:ff:ff:99f9:4c24:6839:ebb4] http://[fdbd:dc05:d:140::41] https://www.google.com.bd http://[fdbd:dc05:ff:ff:e82c:4fc:a9b4:13e0] https://www.google.com.ua http://[fdbd:dc05:ff:ff:88c6:e7e0:1f15:b25b] https://www.google.com.do http://ad.doubleclick.net https://www.google.com.ec https://www.google.rs https://www.google.co.uz https://www.google.com.mt https://www.google.co.ke https://cdn.honey.io https://ok1static.oktacdn.com https://yastatic.net https://www.google.me https://www.google.co.ma https://www.google.kz https://www.google.bg https://www.google.lt https://www.google.co.nz https://www.google.cv https://www.google.com.kh https://www.google.ee http://[fdbd:dc05:ff:ff:4e62:bc7a:8772:778e] https://www.google.co.za http://[fdbd:dc05:ff:ff:6d0:d764:ff08:a4af] http://[fdbd:dc05:ff:ff:5a1c:7ec6:4fe7:6f49] https://googleads.g.doubleclick.net https://pos.baidu.com ; default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://d.la4-c1-ia5.salesforceliveagent.com https://www.google.com https://service.force.com https://maps.googleapis.com https://play.vidyard.com https://www.gstatic.com https://img03.en25.com https://cc.cdn.civiccomputing.com https://snap.licdn.com https://img.en25.com https://tag.demandbase.com data: https://connect.facebook.net https://tdns2.gtranslate.net https://apps.imaginecommunications.com https://translate-pa.googleapis.com https://translate.google.com https://d.la1-c2-ia5.salesforceliveagent.com https://translate.googleapis.com https://count-server.sharethis.com https://unpkg.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://imaginecommunications.com https://cdnjs.cloudflare.com https://www.youtube.com https://ff.kis.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com https://s3.amazonaws.com https://imaginecommunications.my.salesforce.com https://cdn.jsdelivr.net https://www.googleadservices.com https://static.lightning.force.com https://www.buzzsprout.com https://me.kis.v2.scr.kaspersky-labs.com https://api.wire.threatspike.com https://community.imaginecommunications.com 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://d.la4-c1-ia5.salesforceliveagent.com https://www.google.com https://service.force.com https://maps.googleapis.com https://play.vidyard.com https://www.gstatic.com https://img03.en25.com https://cc.cdn.civiccomputing.com https://snap.licdn.com https://img.en25.com https://tag.demandbase.com data: https://connect.facebook.net https://tdns2.gtranslate.net https://apps.imaginecommunications.com https://translate-pa.googleapis.com https://translate.google.com https://d.la1-c2-ia5.salesforceliveagent.com https://translate.googleapis.com https://count-server.sharethis.com https://unpkg.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://imaginecommunications.com https://cdnjs.cloudflare.com https://www.youtube.com https://ff.kis.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com https://s3.amazonaws.com https://imaginecommunications.my.salesforce.com https://cdn.jsdelivr.net https://www.googleadservices.com https://static.lightning.force.com https://www.buzzsprout.com https://me.kis.v2.scr.kaspersky-labs.com https://api.wire.threatspike.com https://community.imaginecommunications.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://service.force.com https://unpkg.com https://imaginecommunications.com data: https://cdn.honey.io https://gc.kis.v2.scr.kaspersky-labs.com https://community.imaginecommunications.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://service.force.com https://unpkg.com https://imaginecommunications.com data: https://cdn.honey.io https://gc.kis.v2.scr.kaspersky-labs.com https://community.imaginecommunications.com ; connect-src 'self' https://l.sharethis.com https://maps.googleapis.com https://analytics.google.com https://apikeys.civiccomputing.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://translate.googleapis.com https://adservice.google.com https://segments.company-target.com https://www.google.ca https://region1.analytics.google.com https://api.company-target.com https://translate-pa.googleapis.com https://play.vidyard.com https://tdns2.gtranslate.net https://www.google.com.mx https://yoast.com https://www.google.com.au https://www.google.com.tw https://www.google.com.vn https://www.google.com.hk https://www.google.com.sg https://www.google.ae https://www.google.co.in https://www.google-analytics.com https://www.google.es https://www.google.co.uk https://www.google.de https://www.google.com.ar https://community.imaginecommunications.com https://www.google.it https://www.google.fr https://www.google.ru https://www.google.co.zm https://www.google.cl https://www2.scte.org https://www.google.co.kr https://www.google.co.jp https://www.google.at https://www.google.com.my https://www.google.be data: https://www.google.com.br https://www.google.com.uy https://www.google.com.mm https://www.google.com.pk https://www.google.co.ve https://www.google.com.eg https://www.google.com.qa https://www.google.com.ph https://www.google.com.pe http://ad.doubleclick.net https://www.google.se https://www.google.co.th https://www.google.co.id https://www.google.by https://api.socialsolutionapp.com https://www.google.lt https://www.google.me https://www.google.cv https://www.google.co.nz https://www.google.com.kh https://www.google.com.co https://www.google.com.bd wss://gc.kis.v2.scr.kaspersky-labs.com https://www.google.hu https://www.google.pt https://www.google.bg https://www.google.nl https://www.google.gr; frame-src 'self' https://www.google.com https://c.sharethis.mgr.consensu.org https://cn-1998271165-7vnsr30043.ibosscloud.com https://service.force.com https://apps.imaginecommunications.com https://players.brightcove.net https://td.doubleclick.net https://s.company-target.com https://play.vidyard.com https://www.googletagmanager.com https://static.contextall.com https://block.opendns.com https://www.youtube.com https://malware.opendns.com blob: https://www.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com data: https://imaginecommunications.com https://cdn.megabonus.com; media-src 'self' data: https://imaginecommunications.com; worker-src 'self' blob:; report-uri https://imaginecommunications.com/wp-json/rsssl/v1/csp?rsssl_apitoken=773624972; 1 object-src 'none';base-uri 'self';script-src 'nonce-FnaOybYigUwvh9mCy0j6wA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-I5VrUzwlFDEThv7kCwkhMA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-RMSW9XeWmrYeTKpXXQL889L-sE3Or1Wd'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1 base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.qubeshub.org wss://vncproxy.qubeshub.org wss://qubeshub.org https://qubeshub.org/api/members/tools/diskusage https://www.google-analytics.com https://stats.g.doubleclick.net/j/ https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://docs.google.com https://monorail-edge.shopifysvc.com/v1/ https://simiode.myshopify.com/api/2021-07/ https://region1.google-analytics.com/g/; default-src 'self' https://*.qubeshub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://use.fontawesome.com/releases/v4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.11.2/webfonts/ https://at.alicdn.com/t/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com https://www.paypal.com/donate https://www.paypal.com/cgi-bin/webscr; frame-ancestors 'self' https://qubeshub.org/; frame-src 'self' https://*.qubeshub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://syndication.twitter.com https://platform.twitter.com https://app.genial.ly/ https://app.involve.me/qubes/ https://cdnapisec.kaltura.com https://community.gep.wustl.edu https://creativecommons.org https://docs.google.com https://etherpad.opendev.org https://etherpad.openstack.org https://fortress.maptive.com https://giphy.com https://gvsu.hosted.panopto.com https://open.spotify.com https://padlet.com/ https://rpubs.com https://shorts.flipgrid.com https://w.soundcloud.com/ https://www.educreations.com https://www.geogebra.org https://www.google.com/ https://www.mentimeter.com https://www.rpubs.com https://www.youtube.com; img-src * data: image: file: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/gsap/1.20.3/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/ScrollMagic.js https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/ https://cdn.syndication.twimg.com/timeline/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.mathjax.org/mathjax/contrib/a11y/ https://code.jquery.com https://embedr.flickr.com/assets/ https://releases.flowplayer.org/ https://sdks.shopifycdn.com/ https://secure.givelively.org https://use.fontawesome.com/88cd5351e6.js https://widgets.flickr.com/embedr/ https://www.geogebra.org; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://use.fontawesome.com/88cd5351e6.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://releases.flowplayer.org/; worker-src blob:; media-src 'self' data:; report-uri https://csp.hubzero.org/csp-cms.php 1 object-src 'none';base-uri 'self';script-src 'nonce-5XYlfYgMgkdOwckZTFy9ZQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleadservices.com bat.bing.com cdn2.gbqofs.com c1001.report.gbss.io *.googleapis.com region1.google-analytics.com cdn.gbqofs.com jsonplaceholder.typicode.com browser-update.org www.google-analytics.com www.google.com cdn.cookielaw.org *.facebook.com region1.analytics.google.com adservice.google.com *.onetrust.com www.google.ie *.doubleclick.net api.autoaddress.ie pxl-fbdie.terminalfour.net widget.trustpilot.com www.youtube.com www.google.co.uk *.facebook.net *.gstatic.com www.googletagmanager.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-jOmKs8eYzNvR3kDVkdrX9w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.typekit.net *.yotpo.com *.googleapis.com *.fontawesome.com oct8necdneu.azureedge.net blob: data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de https://plumrocket.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com https://plumrocket.com *.yotpo.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.adyen.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com blob: *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com static-eu.oct8ne.com *.oct8ne.com oct8necdneu.azureedge.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.adyen.com *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.xtento.com cdn.xtento.com *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googletagmanager.com https://*.klaviyo.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com *.typekit.net *.yotpo.com *.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.youtube.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.adyen.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://klaviyo.com https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ws: *.yotpo.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://geoip-js.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://*.klaviyo.com static-eu.oct8ne.com *.oct8ne.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 img-src 'self' data: https: https://*.codigosdelbonus.net/; default-src 'none'; font-src 'self' data: https://fonts.gstatic.com/ https://*.codigosdelbonus.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.codigosdelbonus.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/ https://mc.yandex.ru/metrika/tag.js https://static.hotjar.com https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/webfont/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://*.codigosdelbonus.net/; media-src 'self' https://*.codigosdelbonus.net/; frame-src 'self' http: https:; manifest-src 'self' https://*.codigosdelbonus.net/; connect-src 'self' https://stats.g.doubleclick.net/ https://*.google-analytics.com/ https://bam.nr-data.net/ https://mc.yandex.md/ https://mc.yandex.ru/ https://yandexmetrica.com:* https://*.codigosdelbonus.net/ 1 script-src 'unsafe-inline' 1 object-src 'none';base-uri 'self';script-src 'nonce-a2G4BePhjWPTMMuuAKeegg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.bootstrapcdn.com celebrosnlp.com *.livechatinc.com https://static.zipmoney.com.au *.zipmoney.com.au *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://magento2.avada.io/ my.reviewr.com.au https://reviewr.app/ https://www.reviewr.app/ https://vars.hotjar.com/ https://secure.livechatinc.com/ *.google.com https://bid.g.doubleclick.net/ *.mouseflow.com https://cdn.mouseflow.com https://secure.ewaypayments.com *.ewaypayments.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com validator.swagger.io *.ftcdn.net *.behance.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.cloudflare.com *.google-analytics.com static.reviewmgr.com *.google.com *.google.co.in https://static.zipmoney.com.au *.livechatinc.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net * unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com assets.adobedtm.com *.magento-ds.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.cloudflare.com *.twitter.com *.fontawesome.com *.googletagmanager.com *.google-analytics.com *.smartlook.com https://static.zipmoney.com.au *.reviewmgr.com *.cdn.livechatinc.com *.static.hotjar.com *.g.doubleclick.net *.my.reviewr.com.au *.livechatinc.com https://script.hotjar.com/ https://static.hotjar.com/ *.api.livechatinc.com *.mouseflow.com https://cdn.mouseflow.com https://secure.ewaypayments.com *.ewaypayments.com https://data.stats.tools *.clickcease.com https://www.clickcease.com https://js-agent.newrelic.com *.newrelic.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.zipmoney.com.au zip.co https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com downloads.mailchimp.com *.cloudflare.com *.fontawesome.com *.bootstrapcdn.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io p13n.adobe.io p13n-mr.adobe.io * *.snplow.net commerce.adobedc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.adobe.io performance.typekit.net *.sentry.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cloudflare.com https://stats.g.doubleclick.net/ *.hotjar.com https://manager.eu.smartlook.cloud https://api.zipmoney.com.au/ *.zip.co *.livechatinc.com https://bam.nr-data.net/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-2ttvfwU3KjaMhKZo2VRclQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/libs/jQuery.mmenu/7.0.6/addons/fixedelements/jquery.mmenu.fixedelements.js https://kit.fontawesome.com/30237454ca.js https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js https://w3.siemens.com/ote/ote_config.js; style-src 'report-sample' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com; img-src 'self' https://siemens.sc.omtrdc.net; manifest-src 'self'; media-src 'self'; report-uri https://6241c4fffd94ed9b6b63afc6.endpoint.csper.io/?v=6; worker-src 'none'; 1 font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.fontawesome.com maxcdn.bootstrapcdn.com applepay.cdn-apple.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.doubleclick.net *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com *.iubenda.com api.payplug.com secure.payplug.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net cdn.doofinder.com *.iubenda.com https://www.magezon.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net cdn.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.iubenda.com api.payplug.com applepay.cdn-apple.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.doofinder.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.google-analytics.com *.doofinder.com wss://*.doofinder.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com *.iubenda.com api.stripe.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com na.playground.klarnaevt.com eu.playground.klarnaevt.com klarna-payments-eu.playground.klarna.com klarna-payments-na.playground.klarna.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-aBtWnBeJE1NJ6CP_Voh1_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6OHqHRa61BVKqdJVbO5Mnw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--AtY70-jTHhDEmxmW214-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'self'; report-uri https://www.avantenestle.com.br/report-uri/reportOnly 1 font-src www.searchanise.com *.searchserverapi.com *.stripe.com *.google.com *.sagepay.com *.klarnacdn.net *.fontawesome.com *.cloudfront.net *.reviews.io *.reviews.co.uk www.morehandles.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.searchanise.com *.searchserverapi.com *.twitter.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com *.google.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk www.morehandles.co.uk 'self' 'unsafe-inline'; frame-ancestors www.morehandles.co.uk 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.searchanise.com *.searchserverapi.com *.twitter.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com *.google.com *.sagepay.com *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk www.morehandles.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.twitter.com *.twimg.com www.google.ru www.searchanise.com *.searchserverapi.com s3.amazonaws.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com *.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.sagepay.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.pixriot.com *.storeimaging.com www.morehandles.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ searchanise-ef84.kxcdn.com s3.amazonaws.com ajax.aspnetcdn.com www.searchanise.com *.searchserverapi.com *.searchanise.com api.amplitude.com *.twitter.com *.twimg.com www.apptrian.com pinterest.com www.pinterest.com s.pinimg.com *.stripe.com *.google.com *.sagepay.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.googletagmanager.com *.facebook.net * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk www.morehandles.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com www.searchanise.com *.searchserverapi.com searchanise-ef84.kxcdn.com s3.amazonaws.com *.twitter.com ton.twimg.com *.stripe.com *.google.com *.sagepay.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk www.morehandles.co.uk 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com www.morehandles.co.uk 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.amplitude.com stats.g.doubleclick.net www.apptrian.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com *.google.com *.paypal.com *.sagepay.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk *.pixriot.com *.storeimaging.com www.morehandles.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.morehandles.co.uk http: https: blob: 'self' 'unsafe-inline'; default-src www.morehandles.co.uk 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' https://play.vidyard.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://ajax.googleapis.com https://www.googleoptimize.com https://platform.twitter.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://j.6sc.co https://js.adsrvr.org https://munchkin.marketo.net https://pages.blueprism.info https://play.vidyard.com https://siteintercept.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloud.coveo.com https://tracking.g2crowd.com https://unpkg.com https://www.gartner.com https://www.google-analytics.com https://www.googletagmanager.com https://zn6hxtfylyqcfawhp-blueprism.siteintercept.qualtrics.com; style-src 'unsafe-inline' 'unsafe-hashes' 'report-sample' 'self' https://cdnjs.cloudflare.com https://www.blueprism.com https://cloud.typography.com https://fonts.googleapis.com https://higherlogiccloudfront.s3.amazonaws.com https://pages.blueprism.info https://static.cloud.coveo.com https://www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://544-mlv-234.mktoresp.com https://analytics.google.com https://bat.bing.com https://cdn-ukwest.onetrust.com https://epsilon.6sense.com https://ipv6.6sc.co https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://www.blueprism.com https://higherlogiccloudfront.s3.amazonaws.com; frame-src 'self' https://insight.adsrvr.org https://pages.blueprism.info https://platform.twitter.com https://play.vidyard.com https://www.facebook.com; img-src 'self' https://cdn.vidyard.com https://cdn-ukwest.onetrust.com https://www.blueprism.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://files.blueprism.com https://play.vidyard.com https://px.ads.linkedin.com https://reviews.static.gartner.com https://siteintercept.qualtrics.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self' *.blueprism.com; report-uri https://64c1357f4f8049a8e8acd190.endpoint.csper.io/?v=1; worker-src 'none'; 1 object-src 'none';base-uri 'self';script-src 'nonce-5YJphbNDGF_m0hzzEiG-_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-6_ewXnfG-ozrBnh7gYL2Vw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors 'none'; frame-src 'self' https://accounts.google.com https://content-sheets.googleapis.com; block-all-mixed-content; object-src 'none'; worker-src 'self'; form-action 'none'; base-uri 'none'; report-to default; 1 base-uri 'self';connect-src 'self' https://*.hotjar.com https://*.google-analytics.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com;default-src 'self';form-action 'self' https://*.facebook.com;img-src * data:;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.facebook.net https://*.twitter.com https://instant.page;style-src 'self' 'unsafe-inline' https://*.googleapis.com;frame-src https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.com https://*.twitter.com https://cdn.yoshki.com;font-src 'self' data: https://*.gstatic.com https://*.googleapis.com 1 object-src 'none';base-uri 'self';script-src 'nonce-6nDjlw3xhj7ekW1wZclswQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-0yF5FZnaSeb1Ap2h6dbtCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-d_Ouw_447wG7bkfPsQ2BOA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.doubleclick.net *.facebook.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com gum.criteo.com *.gum.criteo.com servedby.flashtalking.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.bird.eu www.google.it *.google.it secure.adnxs.com *.secure.adnxs.com *.adnxs.com x.bidswitch.net *.x.bidswitch.net *.bidswitch.net ib.adnxs.com *.ib.adnxs.com ad.360yield.com *.ad.360yield.com *.360yield.com contextual.media.net *.contextual.media.net sync.outbrain.com *.sync.outbrain.com *.outbrain.com pixel.rubiconproject.com *.pixel.rubiconproject.com *.rubiconproject.com match.sharethrough.com *.match.sharethrough.com *.sharethrough.com rtb-csync.smartadserver.com *.rtb-csync.smartadserver.com *.smartadserver.com sync-t1.taboola.com *.sync-t1.taboola.com *.taboola.com criteo-sync.teads.tv *.criteo-sync.teads.tv *.teads.tv eb2.3lift.com *.eb2.3lift.com *.3lift.com ups.analytics.yahoo.com *.ups.analytics.yahoo.com *.analytics.yahoo.com e1.emxdgt.com *.e1.emxdgt.com *.emxdgt.com cm.adform.net *.cm.adform.net *.adform.net visitor.omnitagjs.com *.visitor.omnitagjs.com *.omnitagjs.com r.casalemedia.com *.r.casalemedia.com *.casalemedia.com gum.criteo.com *.gum.criteo.com *.criteo.com matching.ivitrack.com *.matching.ivitrack.com *.ivitrack.com exchange.mediavine.com *.exchange.mediavine.com *.mediavine.com simage2.pubmatic.com *.simage2.pubmatic.com *.pubmatic.com criteo-partners.tremorhub.com *.criteo-partners.tremorhub.com *.tremorhub.com ad.yieldlab.net *.ad.yieldlab.net *.yieldlab.net sync-criteo.ads.yieldmo.com *.sync-criteo.ads.yieldmo.com *.ads.yieldmo.com beacon.krxd.net *.beacon.krxd.net *.krxd.net s.thebrighttag.com *.s.thebrighttag.com *.thebrighttag.com *.igodigital.com id5-sync.com *.id5-sync.com trk.datnova.com *.trk.datnova.com *.datnova.com *.enervit.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com consent.cookiebot.com *.consent.cookiebot.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com *.cookiebot.com www.dwin1.com *.dwin1.com static.criteo.net *.static.criteo.net enervit.mailmnsa.com *.enervit.mailmnsa.com sslwidget.criteo.com *.sslwidget.criteo.com *.criteo.com js.cookieless-data.com *.js.cookieless-data.com *.cookieless-data.com smct.co *.smct.co js.sddan.com *.js.sddan.com trk.datnova.com *.trk.datnova.com *.datnova.com js-agent.newrelic.com *.js-agent.newrelic.com *.newrelic.com bam.nr-data.net *.bam.nr-data.net 510004521.collect.igodigital.com *.collect.igodigital.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.enervit.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net google.com *.google.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net stats.g.doubleclick.net *.stats.g.doubleclick.net region1.analytics.google.com *.region1.analytics.google.com enervit.mailmnsa.com *.enervit.mailmnsa.com consentcdn.cookiebot.com *.consentcdn.cookiebot.com bam.nr-data.net *.bam.nr-data.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce---a226601edeyRdrz3bhmA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-A6gR1FjVSNaJXvH-AUX4yg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-YrhklizmcMsDGmgcUTabdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/womenwill_google 1 object-src 'none';base-uri 'self';script-src 'nonce-J3vbAkYeGPZ63ajfFivzYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-N6MvwoG-LILYCLIOjlXzHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IW4zVFel6WmuuDM3zwZReQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-OfTYTAHCtneJsshyjhYzTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-RQGLuJxibgQ4FA7mtXHuQA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.gstatic.com https://*.cloudflare.com/ https://conoret.com/ https://*.facebook.net/ https://*.sentry-cdn.com/ https://*.cookielaw.org/ https://*.mouseflow.com/ https://chimpstatic.com/ https://*.chimpstatic.com/ https://*.mailchimp.com/ https://*.myfonts.net/ https://*.fontawesome.com/ https://*.list-manage.com/ https://*.paytrace.com/ https://*.getsitecontrol.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/; style-src 'report-sample' 'self' 'unsafe-inline' data: https://*.gstatic.com https://*.mailchimp.com/ https://*.googleapis.com/; object-src 'self'; base-uri 'self'; connect-src 'self' https://dt.spinneybeck.com https:/*.googleapis.com https://updates.expressionengine.com https://*.getsitecontrol.com/ https://*.scamsniffer.io/ https://*.onetrust.com/ https://*.cookielaw.org/ https://*.fontawesome.com/ https://*.sentry.io/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.amcreativemedia.com/; font-src 'self' data: https://*.flaticon.com https://*.designmanager.com/ https://*.gstatic.com/ https://*.cookielaw.org/ https://*.fontawesome.com/ https://*.getsitecontrol.com/ https://*.typekit.net/; frame-src 'self' https://filzfelt.us6.list-manage.com https://*.vimeo.com/ https://*.paytrace.com/; img-src 'self' data: blob: https://cdn.cookielaw.org https://mcusercontent.com/ https://*.mailchimp.com/ https://*.google.com/ https://*.gstatic.com/ https://*.pinterest.com/ https://*.fontawesome.com/ https://*.getsitecontrol.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.eeharbor.com/ https://*.vimeocdn.com/; manifest-src 'self'; media-src 'self'; worker-src blob:; report-uri https://o236859.ingest.sentry.io/api/4506139720548352/security/?sentry_key=76260eda922e4376c52c41c8eb5341c8 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.doubleclick.net www.google.com www.google-analytics.com www.googletagmanager.com *.facebook.com analytics.google.com *.gstatic.com *.facebook.net www.msig-thai.com cdnjs.cloudflare.com www.google.co.th msmart.msig-thai.com *.dynatrace.com *.mookie1.com jsmart.msig-thai.com *.addthis.com adservice.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_oa_lCVCwuY9YhhOfC7HJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; connect-src 'self' https://*.holidaysplease.co.uk:3000 wss://*.holidaysplease.co.uk:3000; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://*.holidaysplease.co.uk:3000 https://connect.facebook.net https://bat.bing.com https://*.elegantescapes.com 'nonce-M6w/lw'; img-src * data:; frame-src 'self' https://www.facebook.com/ data: 1 object-src 'none';base-uri 'self';script-src 'nonce-_BhiT2b3ankNLYO7txQlbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 frame-ancestors https://admin.treefortsystems.com https://admin.stg.treefortsystems.com localhost:3001; report-uri https://o1003299.ingest.sentry.io/api/5966172/security/?sentry_key=2a13400a30ad4037a8f0cf127af14bff; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com www.google.co.uk adservice.google.com c0.adalyser.com *.doubleclick.net cdn.jsdelivr.net ariane.abtasty.com *.cloudinary.com dcinfos-cache.abtasty.com www.googletagmanager.com try.abtasty.com region1.analytics.google.com cdn.seopa.com car-insurance.compareni.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tvlicensing.co.uk c.webtrends-optimize.com adservice.google.com secure.adnxs.com www.google.com *.gstatic.com www.google.fr app.meetami.ai *.doubleclick.net *.facebook.net www.youtube.com *.googleapis.com statse.webtrendslive.com www.google.de www.google.co.uk wss://chat.meetami.ai www.googletagmanager.com www.google-analytics.com aomg-sr-app-live.s3.eu-west-1.amazonaws.com *.googleadservices.com *.mathtag.com translate.google.com region1.google-analytics.com sbs.e-paycapita.com ots.webtrends-optimize.com www.google.ie s.webtrends.com cdn.honey.io ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'self'; base-uri 'self'; font-src 'self' data: https://c0.wp.com; frame-src 'self' https://bld.g.doubleclick.net https://consentcdn.cookiebot.com https://insight.adsvr.org https://platform.twitter.com https://www.google.com https://www.youtube.com https://match.adsvr.org https://insight.adsvr.org; img-src 'self' data: https://pixel.rubiconproject.com https://ups.analytics.yahoo.com https://forms.hsforms.com *.doubleclick.net https://i0.wp.com https://insight.adsvr.org https://perf.hsforms.com https://pixel.wp.com https://px.ads.linkedin.com https://syndication.twitter.com https://track.hubspot.com https://www.google-analytics.com https://www.google.com https://ib.adnxs.com https://match.adsvr.org *.googletagmanager.com https://alb.reddit.com https://bat.bing.com https://secure.gravatar.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; script-src 'report-sample' 'self' https://bat.bing.com/bat.js https://js.adsrvr.org/up_loader.1.1.0.js https://js.hsforms.net/forms/embed/v2.js https://pagead2.googlesyndication.com/pagead/conversion/716916526/ https://s7.addthis.com/js/300/addthis_widget.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ws.zoominfo.com/pixel/638518fbec4010c99aefad7 https://www.clarity.ms/tag/h0uim2tkk6 https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.redditstatic.com/ads/pixel.js; style-src 'report-sample' 'self' https://cdn.myfontastic.com; connect-src 'self' https://bat.bing.com https://*.clarity.ms https://pagead2.googlesyndication.com https://ws.zoominfo.com https://www.google-analytics.com; report-uri /_contentsecurity; 1 default-src 'self' *.roche.com *.roche.net *.gene.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.roche.com *.roche.net *.gene.com cdn.walkme.com apis.google.com tpc.googlesyndication.com api.html5media.info workdevapp.com cdn-js.net gdata.youtube.com twitter.com geolocation.onetrust.com api.flickr.com graph.facebook.com sharecdn.social9.com maps.googleapis.com use.typekit.com munchkin.marketo.net img.en25.com w.likebtn.com cdn.mathjax.org sadmin.brightcove.com cdnjs.cloudflare.com releases.flowplayer.org script.crazyegg.com wi.likebtn.com pepperglobal.com analytics.twitter.com cdn.blueconic.net connect.facebook.net fullstory.com script.hotjar.com gnntch.blueconic.net rules.quantcount.com secure.quantserve.com static.hotjar.com www.youtube.com www.googletagmanager.com www.google-analytics.com google-analytics.com *.gstatic.com static.ads-twitter.com sjs.bizographics.com *.linkedin.com www.google.com w.soundcloud.com s.ytimg.com *.cloudflareaccess.com *.salesforceliveagent.com https://*.roche.com:8080 https://cdnjs.org https://service.force.com/* cdn.cookielaw.org static.cloudflareinsights.com; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self' data:; object-src 'self'; child-src 'self' *.roche.com *.roche.net *.gene.com *.facebook.net qpcr.probefinder.com *.force.com *.hotjar.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com; frame-src 'self' *.roche.com *.roche.net *.gene.com www.youtube.com sites.google.com *.cloudfront.net *.facebook.net *.arcot.com live.sagepay.com player.vimeo.com tpc.googlesyndication.com players.brightcove.net qpcr.probefinder.com *.eloqua.com *.hotjar.com *.soundcloud.com *.facebook.com *.google.com *.googletagmanager.com *.youtube-nocookie.com *.youtube.com *.mendeley.com *.force.com https://cdn.walkme.com/*; worker-src 'self' *.roche.com *.roche.net *.gene.com; frame-ancestors 'self' *.roche.com *.roche.net *.gene.com datastudio.google.com sites.google.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com *.cloudflareworkers.com; form-action 'self' *.roche.com *.roche.net *.gene.com content.bioclinicien.fr connect.facebook.net www.facebook.com s1691.t.eloqua.com; base-uri 'self' *.roche.com *.roche.net *.gene.com *.secure.roche.com; plugin-types application/pdf; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: analytics.google.com *.greateasternlife.com *.scene7.com *.omtrdc.net assets.adobedtm.com www.googletagmanager.com *.doubleclick.net *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src https://fonts.gstatic.com/ *.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/ *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ http://cl.avis-verifies.com/ https://www.facebook.com/ https://vars.hotjar.com/ https://ct.pinterest.com/ https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://www.google.fr http://maps.gstatic.com/ https://www.facebook.com/ https://ct.pinterest.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com maps.googleapis.com maps.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io https://chimpstatic.com downloads.mailchimp.com *.list-manage.com https://s.pinimg.com/ https://static.hotjar.com/ http://s3.amazonaws.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://embed.sendcloud.sc/ https://servicepoints.sendcloud.sc/ https://cl.avis-verifies.com https://googleads.g.doubleclick.net https://script.hotjar.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io maps.googleapis.com www.gstatic.com www.google.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://cdn.scalapay.com *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com https://fonts.googleapis.com/ *.fontawesome.com unsafe-inline *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://analytics.google.com/ http://maps.googleapis.com/ https://region1.analytics.google.com https://region1.google-analytics.com https://ct.pinterest.com/ https://in.hotjar.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: fonts.bunny.net *.googleapis.com js-agent.newrelic.com greenarrowloans.com cdn.mouseflow.com n2.mouseflow.com maxcdn.bootstrapcdn.com acsbapp.com cdn.acsbapp.com *.gstatic.com www.googletagmanager.com bam.nr-data.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-aTGtOc6M6yqb11R2SC0jog' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-yAn1gygIQGFw3TeP72N_Iw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:;script-src https: 'strict-dynamic' 'nonce-ad1c146ab1f2e11becc4445da930e2cbf49093b1493ac89648d5bac950d22e90' 'unsafe-inline' 'unsafe-eval' 'report-sample';style-src https: 'unsafe-inline';img-src https: data:;connect-src https: wss:;font-src https: data:;object-src 'none';media-src https: blob: data:;frame-src https: null data: blob:;child-src 'self' https:;form-action 'self';frame-ancestors 'none';base-uri 'self' https://insights.sitesearch360.com;worker-src 'self' blob:;manifest-src 'self' https://cdn.firespring.com;report-uri /csp_log 1 default-src https:; connect-src 'self' blob: https:; frame-ancestors 'self'; frame-src http:; font-src 'self' https: data:; base-uri 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://ebenefits.es/fps/user/ContentSecurityPolicy/report; 1 default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 1 object-src 'none';base-uri 'self';script-src 'nonce-Xb4qbUW1DaWVj_ApfRa1Vg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-edP-JihVrTBmpKxfRFZfjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; img-src 'self' https: data: blob:; connect-src 'self' blob:; frame-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; report-uri https://9ec04c4fa675be0bd04813b93ed11342.report-uri.com/r/d/csp/reportOnly; 1 font-src *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.weltpixel.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-0KPZO2Nro9SAa4HRop934Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-MTaUK2aFK2I5XMdXTGH0pg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-U_eeFWebfkSWLjXxm8u3TA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com *.gstatic.com *.cdninstagram.com *.fbcdn.net www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com widget.freshworks.com m2epro.freshdesk.com *.avada.io *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.instagram.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src widget.freshworks.com m2epro.freshdesk.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com widget.freshworks.com m2epro.freshdesk.com https://get.geojs.io *.avada.io *.authorize.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com analytics.google.com *.instagram.com *.googleusercontent.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com *.facebook.net adservice.google.com *.ampproject.org cdnjs.cloudflare.com *.doubleclick.net *.everesttech.net www.google.com.gt *.facebook.com cdn.datatables.net analytics.google.com *.omtrdc.net www.youtube.com assets.adobedtm.com www.google-analytics.com code.jquery.com www.googletagmanager.com *.demdex.net ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 base-uri 'self'; default-src 'none'; child-src; connect-src 'self' https://rec.smartlook.com http://rec.smartlook.com rec.smartlook.com https://apikeys.civiccomputing.com http://apikeys.civiccomputing.com apikeys.civiccomputing.com https://ig.instant-tokens.com http://ig.instant-tokens.com ig.instant-tokens.com https://graph.instagram.com http://graph.instagram.com graph.instagram.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com; font-src 'self' https://fonts.gstatic.com http://fonts.gstatic.com fonts.gstatic.com https://use.typekit.net http://use.typekit.net use.typekit.net data:; form-action 'self' https://*.twitter.com http://*.twitter.com *.twitter.com https://*.facebook.com http://*.facebook.com *.facebook.com; frame-ancestors 'none'; frame-src https://*.youtube.com http://*.youtube.com *.youtube.com https://*.twitter.com http://*.twitter.com *.twitter.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://*.google-analytics.com http://*.google-analytics.com *.google-analytics.com https://*.hotjar.com http://*.hotjar.com *.hotjar.com; img-src 'self' https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.google.com http://www.google.com www.google.com https://www.google.co.uk http://www.google.co.uk www.google.co.uk https://*.cdninstagram.com http://*.cdninstagram.com *.cdninstagram.com https://*.googletagmanager.com http://*.googletagmanager.com *.googletagmanager.com https://*.facebook.com http://*.facebook.com *.facebook.com https://i.ytimg.com http://i.ytimg.com i.ytimg.com blob: data:; media-src https://youtube.com http://youtube.com youtube.com; object-src 'none'; manifest-src 'self'; script-src 'self' https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com www.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com www.googleadservices.com https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.doubleclick.net http://*.doubleclick.net *.doubleclick.net https://cc.cdn.civiccomputing.com http://cc.cdn.civiccomputing.com cc.cdn.civiccomputing.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.typekit.net http://*.typekit.net *.typekit.net https://*.googleapis.com http://*.googleapis.com *.googleapis.com https://*.mailchimp.com http://*.mailchimp.com *.mailchimp.com 'unsafe-inline'; 1 font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.nitrocdn.com *.cloudflare.com *.typekit.net *.threekit.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com nitropack.io c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.facebook.com *.nitrocdn.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.threekit.com 'self' blob: *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.googletagmanager.com *.facebook.net *.fontawesome.com *.googleapis.com *.gstatic.com player.vimeo.com *.intercom.io *.nitrocdn.com nitroscripts.com *.intercomcdn.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.threekit.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com downloads.mailchimp.com *.fontawesome.com *.nitrocdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.typekit.net *.threekit.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.affirm.com *.affirm.ca *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.google-analytics.com *.getnitropack.com *.intercom.io *.zdassets.com *.nitrocdn.com *.intercomcdn.com wss://nexus-websocket-a.intercom.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.threekit.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'none'; frame-src 'self'; img-src 'self' https://storage.googleapis.com/ https://assets.edenlivres.fr/ https://assets.entrepotnumerique.com/ https://assets.cantook.net/ https://assets-libr.cantook.net/ https://assets-edgt.cantook.net/; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.16/js/utils.min.js; style-src 'self' 'unsafe-inline'; connect-src 'self' https://storage.googleapis.com/ https://o37564.ingest.sentry.io; report-uri https://o37564.ingest.sentry.io/api/84541/security/?sentry_key=0b6a319c2af64d94839478210ee88f6c&sentry_environment=prod-northamerica 1 object-src 'none';base-uri 'self';script-src 'nonce-WyoGKzssNAArBUVQW9tycw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src *.hogantaylor.com *.hubspot.com *.hubspot.net *.hubspotvideo.com *.hubspotusercontent30.net *.hubspotusercontent-na1.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.hubapi.com js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net static.hsappstatic.net js.hubspotfeedback.com *.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com www.google-analytics.com *.youtube.com use.fontawesome.com *.facebook.com *.facebook.net *.doubleclick.net js.usemessages.com *.vidyard.com *.cloudfront.net wss://visitors.live wss://*.visitors.live *.luckyorange.com *.luckyorange.net snap.licdn.com 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_P437DwJiPYm2Q-qNbhRzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gNjQkTe1OmacuXituGNGfA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.affirm.com *.affirm.ca cdn.dnky.co webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.affirm.com *.affirm.ca www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.affirm.com *.affirm.ca r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.affirm.com *.affirm.ca r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-K3wakstrvOx-Btfm6wGvrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.googleapis.com *.facebook.net stackpath.bootstrapcdn.com ka-f.fontawesome.com images.randomhouse.com cdnjs.cloudflare.com *.doubleclick.net penguinrandomhousegrupoeditorial.com *.typeform.com *.gstatic.com www.googletagmanager.com www.google-analytics.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 object-src 'none';base-uri 'self';script-src 'nonce-tlVZYYw7kKh1f7Wtmt7R6w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-8NC30N9Clq7zqTfinNdl6g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' chat.leadertelecom.nl/ wchat.leadertelecom.nl/ wss://chat.leadertelecom.nl ocsp.usertrust.com/ www.googletagmanager.com/ fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ code.jquery.com/ fonts.gstatic.com/ *.google-analytics.com/ snap.licdn.com/ cdn.amplitude.com/ assets.getwildcard.com/ ocsp.comodoca.com/ px.ads.linkedin.com/ secure.trust-provider.com/ ekr.zdassets.com/ stats.g.doubleclick.net/ sectigo.com/ www.linkedin.com/ www.google.com/ www.google.nl/ chatapi.stagingleader.com wss://chatapi.stagingleader.com *.jivosite.com v2.zopim.com static.zdassets.com leaderssl.zendesk.com wss://widget-mediator.zopim.com; base-uri 'self'; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' data: chat.leadertelecom.nl/ *.leaderssl.com/ assets.getwildcard.com/ www.google.nl/ secure.trust-provider.com/ *.linkedin.com/ stats.g.doubleclick.net/ www.google-analytics.com/ p.adsymptotic.com/ www.trustlogo.com/ sectigo.com/; object-src 'none'; script-src 'self' chat.leadertelecom.nl/ www.googletagmanager.com/ www.google-analytics.com/ snap.licdn.com/ cdn.amplitude.com/ px.ads.linkedin.com/ secure.trust-provider.com/ www.trustlogo.com/ *.jivosite.com secure.comodo.com v2.zopim.com static.zdassets.com leaderssl.zendesk.com wchat.leadertelecom.nl/ 'nonce-MPYAPZFc9x5tbQ2DZekyHrOafuP1UpGECLj3tkOckoQ=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' chat.leadertelecom.nl/ fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ code.jquery.com/; style-src-attr 'self' 'unsafe-inline'; report-uri /csp/report/; report-to csp-endpoint 1 default-src 'self' data: p.typekit.net use.typekit.net; font-src use.typekit.net 'self'; img-src 'self' data: p.typekit.net; script-src 'self' use.typekit.net; style-src 'self'; frame-ancestors 'self'; object-src 'self'; report-uri https://dialoop.report-uri.com/r/d/csp/wizard 1 object-src 'none';base-uri 'self';script-src 'nonce-fsF07GLclOQenns5eo8jRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-TZGmXBGhJQvnzaL3SfwFYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-y0vqAku-Z_KBnQ6HDV1f9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src https:; child-src https:; default-src https:; font-src data: https:; form-action https:; frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.afr.com *.cdn.ampproject.org *.platform.ink; frame-src https:; img-src https: data:; media-src blob: https:; object-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; script-src-attr https: 'unsafe-eval' 'unsafe-inline'; script-src-elem https: 'unsafe-eval' 'unsafe-inline'; style-src https:; style-src-attr 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; worker-src blob:; report-uri https://csp.ffx.io/; report-to csp-endpoint 1 img-src https://higherlogicdownload.s3.amazonaws.com/NASBLA/ https://cdn.jsdelivr.net/jquery.slick/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBLA/ https://img.youtube.com/vi/ https://d2x5ku95bkycr3.cloudfront.net https://higherlogiclongterm.s3.amazonaws.com/NASBLA/ https://d132x6oi8ychic.cloudfront.net 'self'; style-src https://d132x6oi8ychic.cloudfront.net 'unsafe-inline' higherlogiccloudfront.s3.amazonaws.com https://cdn.jsdelivr.net/jquery.slick/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://d2x5ku95bkycr3.cloudfront.net/ https://ajax.googleapis.com/ajax/libs/jqueryui/ https://use.fortawesome.com/ fonts.googleapis.com https://fonts.googleapis.com/ https://d3uf7shreuzboy.cloudfront.net/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBLA/ https://higherlogicdownload.s3.amazonaws.com/NASBLA/ https://higherlogiclongterm.s3.amazonaws.com/NASBLA/ 'self'; font-src https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/jquery.slick/ higherlogiccloudfront.s3.amazonaws.com fonts.googleapis.com https://higherlogicdownload.s3.amazonaws.com/NASBLA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBLA/ 'self' https://higherlogiclongterm.s3.amazonaws.com/NASBLA/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://d2x5ku95bkycr3.cloudfront.net https://d132x6oi8ychic.cloudfront.net data:; media-src https://higherlogiclongterm.s3.amazonaws.com/NASBLA/ https://higherlogicdownload.s3.amazonaws.com/NASBLA/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBLA/ https://higherlogicstream.s3.amazonaws.com/NASBLA/ 'self' https://d132x6oi8ychic.cloudfront.net; script-src https://higherlogiclongterm.s3.amazonaws.com/NASBLA/ https://higherlogicdownload.s3.amazonaws.com/NASBLA/ https://ajax.aspnetcdn.com/ajax/ https://cdn.jsdelivr.net/jquery.slick/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d132x6oi8ychic.cloudfront.net cdn.informz.net 'unsafe-eval' https://use.fortawesome.com/ https://higherlogic-holdingpen-us-east-1.s3.amazonaws.com/NASBLA/ https://cdnjs.cloudflare.com/ajax/libs/prism/ 'unsafe-inline' https://d2x5ku95bkycr3.cloudfront.net/ higherlogiccloudfront.s3.amazonaws.com https://static.filestackapi.com https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d3uf7shreuzboy.cloudfront.net/ 'self'; script-src-elem https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery-ui.1.10.1-patched-2022-08-16.js https://d3uf7shreuzboy.cloudfront.net/ https://d3gliviwslgzfo.cloudfront.net/WebRoot/stable/Bundles/jQuery.1.10.2-patched-2022-12-05.js https://d2x5ku95bkycr3.cloudfront.net/ https://cdnjs.cloudflare.com/ajax/libs/prism/ https://static.filestackapi.com/filestack-js/ 'self' https://ajax.aspnetcdn.com/ajax/ 'unsafe-eval' 'unsafe-inline'; worker-src 'self'; frame-src https://api.connectedcommunity.org/ 'self' https://www.youtube.com/embed/; default-src 'self'; base-uri 'self'; connect-src 'self' hl-managedservices.informz.net; frame-ancestors https://*.connectedcommunity.org/ 'self'; object-src 'none'; manifest-src 'self'; 1 object-src 'none';base-uri 'self';script-src 'nonce-KU-wVChay4kdfekGQ5M6uQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-38hHKVd7gpugc0K4z5RLoQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Q1ERpFV2_xpT5TCHYxdQ5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Y2JevUIoHhuylHQS_2j12g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.cloudfront.net 'self' data: *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.doubleclick.net *.nr-data.net *.amphenolrf.com *.typekit.net *.livechatinc.com *.genial.ly *.clarity.ms *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.affirm.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.cloudfront.net *.youtube.com *.olark.com *.google.com *.google-analytics.com *.affirm.com *.doubleclick.net *.newrelic.com *.nr-data.net *.livechatinc.com *.amphenolrf.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io data: d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudfront.net *.symantec.com *.bootstrapcdn.com *.olark.com *.gstatic.com *.google.com *.googleapis.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com *.typekit.net *.hubspot.com *.hsforms.com *.livechatinc.com *.genial.ly *.clarity.ms *.bing.com https://redchamps.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.google.com *.google-analytics.com *.googletagmanager.com *.olark.com static.olark.com *.symantec.com *.mouseflow.com chimpstatic.com *.affirm.com *.gstatic.com *.googleapis.com *.cloudfront.net *.doubleclick.net *.newrelic.com *.nr-data.net *.livechatinc.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.amphenolrf.com *.genial.ly *.clarity.ms *.avada.io *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.cloudfront.net *.cloudflare.com *.olark.com *.bootstrapcdn.com *.googleapis.com *.doubleclick.net *.newrelic.com *.nr-data.net *.amphenolrf.com *.typekit.net *.genial.ly *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.cloudfront.net *.google-analytics.com *.google.com *.olark.com *.affirm.com *.groupbycloud.com *.doubleclick.net *.newrelic.com *.nr-data.net *.hubspot.com *.hscollectedforms.net *.amphenolrf.com *.genial.ly *.clarity.ms https://get.geojs.io *.avada.io *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /iwd_csp/report/log; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-4UMOJecjoOmF9ESPNctJzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.typekit.net fonts.gstatic.com use.typekit.net fonts.googleapis.com maxcdn.bootstrapcdn.com acsbapp.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com payflowlink.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com www.googletagmanager.com *.braintreegateway.com *.paypal.com *.dotdigital-pages.com *.dotdigital.com js.authorize.net jstest.authorize.net accept.authorize.net d1l7z5ofrj6ab8.cloudfront.net payflowlink.paypal.com googleads.g.doubleclick.net data: *.google.co.in *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net maps.googleapis.com maps.gstatic.com *.trackedlink.net *.keekaroo.com *.specialtomato.com *.adaptivemall.com *.adaptivemall.ca app.certcapture.com nxtuploads.s3.amazonaws.com i.imgur.com verify.authorize.net *.bizrate.com blob: *.bing.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.commerce-payment-services.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.typekit.net amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.authorize.net jstest.authorize.net sandbox-assets.secure.checkout.visa.com *.nextopia.net *.ecomm-nav.com fonts.gstatic.com www.gstatic.com www.google.com checkout.getbread.com app.certcapture.com www.adaptivemall.com staging.adaptivemall.com vector.nextopiasoftware.com verify.authorize.net bat.bing.com js-agent.newrelic.com connect.facebook.net d1l7z5ofrj6ab8.cloudfront.net *.bizrate.com bam.nr-data.net *.googleadservices.com acsbapp.com https://cdn.searchspring.net/intellisuggest/is.min.js *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.nextopia.net *.ecomm-nav.com fonts.gstatic.com maxcdn.bootstrapcdn.com app.certcapture.com *.bizrate.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.adobe.io performance.typekit.net *.sentry.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com js.authorize.net jstest.authorize.net api.authorize.net apitest.authorize.net accept.authorize.net test.authorize.net app.certcapture.com happyfoxchat.com bam.nr-data.net *.bizrate.com stats.g.doubleclick.net cdn.acsbapp.com acsbapp.com https://beacon.searchspring.io/beacon *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.nextopia.net *.ecomm-nav.com fonts.gstatic.com fonts.googleapis.com checkout.getbread.com www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net bat.bing.com app.certcapture.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-oap-0q3PYROqbeG22EftSQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://tcpinsurance.report-uri.com/r/t/csp/wizard 1 object-src 'none';base-uri 'self';script-src 'nonce-pha8gmBq1EWuXfk9PJNBxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5jRVU8T-XAS3L-zwb0BZrQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net https://*.gstatic.com *.gstatic.com data: *.sagepay.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.sagepay.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com *.instagram.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com https://*.gstatic.com *.gstatic.com *.googleapis.com *.cdninstagram.com www.apptrian.com www.facebook.com *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ flagpedia.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudfront.net *.reviews.io *.reviews.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com *.googleapis.com *.instagram.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.gstatic.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.reviews.io *.reviews.co.uk cdn.jsdelivr.net js-agent.newrelic.com bam.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com/ cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com unsafe-inline assets.braintreegateway.com *.cloudfront.net *.reviews.io *.reviews.co.uk cdn.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com www.apptrian.com www.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com www.apptrian.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.gstatic.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.cloudfront.net *.reviews.io *.reviews.co.uk 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-uri https://report-uri.io/report/corburn/reportOnly 1 font-src *.stripe.com *.google.com *.opayo.eu.elavon.com https://*.gstatic.com https://*.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.google.com *.opayo.eu.elavon.com account.fetchify.com https://*.doubleclick.net https://*.hotjar.com js.stripe.com hooks.stripe.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.stripe.com https://*.google.com ebizmarts-website.s3.amazonaws.com *.paypal.com *.opayo.eu.elavon.com https://*.doubleclick.net https://*.google.co.uk https://*.cloudfront.net store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://www.google.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com https://*.pcapredict.com/js/sensor.js https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.doubleclick.net https://secure.leadforensics.com https://*.googleapis.com js.stripe.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com https://*.googleapis.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com cc-cdn.com https://*.typekit.net unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.paypal.com *.opayo.eu.elavon.com widget.freshworks.com m2epro.freshdesk.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk https://*.hotjar.com https://*.adobedc.net https://*.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-GITw91xuVjunB2pUDfcQRg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;connect-src * blob:;report-uri https://cdn.website-start.de/app/reporting/policyviolation/submit 1 object-src 'none';base-uri 'self';script-src 'nonce-NW8DTG15tCdxQG3zpgPOTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: asset.scott-sports.com cdns.eu1.gigya.com *.vimeo.com cdn.jsdelivr.net *.doubleclick.net integrations.fitanalytics.com api.mapbox.com www.google.se www.google.ca events.mapbox.com *.facebook.com scottdocs.s3.amazonaws.com www.googletagmanager.com *.facebook.net www.google.ch p.typekit.net www.google.nl widgets.onlinesizing.bike widget.fitanalytics.com www.youtube.com use.typekit.net www.google.de api.onlinesizing.bike www.google.es *.gstatic.com medias.ssg-service.com metrics.fitanalytics.com accounts.google.com bat.bing.com *.youtube-nocookie.com *.cloudfront.net webtrack.chd01.com npmcdn.com acsbapp.com www.google.com assets.scott-sports.com www.google.fr www.google.it adservice.google.com www.google.com.br *.googleadservices.com *.addthis.com cdn.acsbapp.com region1.analytics.google.com analytics.google.com metrics-nl.fitanalytics.com apis.google.com *.r.appspot.com www.google.com.au ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report 1 font-src *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.hotjar.com *.arcot.com *.trustpilot.com *.google.com *.googlesyndication.com *.youtube.com *.youtube-nocookie.com *.adyen.com js.mollie.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' data: *.nr-data.net *.doubleclick.net *.facebook.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.at *.google.be *.google.ch *.google.com *.google.co.uk *.google.de *.google.dk *.google.es *.google.fr *.google.ie *.google.im *.google.it *.google.nl *.google.pl *.google.se *.google.sr *.adyen.com *.bing.com https://www.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; script-src https://cdnjs.cloudflare.com/ajax/libs/lazysizes/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ secure.authorize.net test.authorize.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com js.braintreegateway.com s.ytimg.com video.google.com vimeo.com www.vimeo.com cdn-scripts.signifyd.com www.youtube.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dhlparcel.nl *.clickcease.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.google.com *.googleoptimize.com *.googleanalytics.com *.google-analytics.com *.gstatic.com *.googleapis.com *.hotjar.com chimpstatic.com *.newrelic.com *.nr-data.net *.mylivechat.com *.trustpilot.com *.popupsmart.com *.atlassian.net *.zdassets.com *.zendesk.com *.zopim.com *.bing.com js.mollie.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.sharethis.com *.google.com *.googleapis.com *.mailchimp.com *.mylivechat.com *.trustpilot.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; object-src *.google.com *.youtube.com 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.doubleclick.net *.google-analytics.com *.google.com *.hypernode.io *.hotjar.com *.hotjar.io *.nr-data.net *.facebook.com *.trustpilot.com *.popupsmart.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com/ *.trustedshops.com *.etrusted.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://fysiosupplies.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-VIWy2a-pbM7sVkZfzT_PeQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com https://fonts.gstatic.com *.zopim.com *.zopim.io *.fontawesome.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.twitter.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com *.youtube.com http://www.sandbox.paypal.com *.twitter.com checkout.tabby.ai static.addtoany.com/ *.google-analytics.com *.google.com *.gstatic.com *.pinterest.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.gstatic.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com *.adobe.com *.youtube.com validator.swagger.io unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.braintreegateway.com *.amazonaws.com antoine-images.com *.olx.com.lb *.ibb.co cdn-cookieyes.com www.googletagmanager.com https://www.magezon.com *.pinterest.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; script-src *.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com assets.adobedtm.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com video.google.com vimeo.com www.vimeo.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.youtube.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com songbirdstag.cardinalcommerce.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.youtube.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com *.adobe.com *.cardinalcommerce.com *.doubleclick.net analytics.google.com *.paypal.com *.ytimg.com *.vimeocdn.com *.unpkg.com cdnjs.cloudflare.com imagekit.io *.imagekit.io *.mastercard.com *.gateway.mastercard.com *.braintreegateway.com static.addtoany.com cdn-cookieyes.com *.newrelic.com *.nr-data.net *.livechatinc.com 'self' data: *.pinterest.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com use.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.zopim.com *.zopim.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com thm.visa.com www.paypal.com www.sandbox.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.google-analytics.com *.cloudflare.com *.twitter.com *.cookieyes.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com https://stats.g.doubleclick.net checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com *.cardinalcommerce.com analytics.google.com vimeo.com pilot-payflowlink.paypal.com unpkg.com *.unpkg.com imagekit.io *.imagekit.io *.braintreegateway.com *.braintree-api.com cdn-cookieyes.com *.nr-data.net *.livechatinc.com 'self' data: maps.googleapis.com http://dpm.demdex.net stats.g.doubleclick.net *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-gL72jgDd5bJnTtEGa8nlVw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-IAbwDAFkohSRSCOzJsa7ag' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com *.morningstar.com https://www.google.com *.usabilla.com https://code.jquery.com https://hcaptcha.com https://*.hcaptcha.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.polyfill.io; connect-src 'self' *.morningstar.com; img-src 'self' data: *.morningstar.com *.davy.ie https://www.google.com https://www.google.ie *.usabilla.com https://d6tizftlrpuof.cloudfront.net; font-src 'self' data: https://fast.fonts.net https://fonts.gstatic.com *.morningstar.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net; base-uri 'self' https://d6tizftlrpuof.cloudfront.net https://d6tizftlrpuof.cloudfront.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net https://fast.fonts.net *.morningstar.com https://use.fontawesome.com https://d6tizftlrpuof.cloudfront.net *.googleapis.com; form-action 'self'; frame-src https://*.hcaptcha.com; manifest-src 'self'; report-uri /api/csp/violationReport; 1 object-src 'none';base-uri 'self';script-src 'nonce-qc6wjD-nz1m-F-xVaFLlxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co api.comapi.com webchat.dotdigital.com *.avada.io yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com api.comapi.com webchat.dotdigital.com yotpo.com www.yotpo.com p.yotpo.com staticw2.yotpo.com w2.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://cdnjs.cloudflare.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com https://stellar-live.inside-graph.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://stellar-cdn.inside-graph.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com unsafe-inline https://stellar-cdn.inside-graph.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com maps.googleapis.com chart.googleapis.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://stellar-live.inside-graph.com wss://stellar-live.inside-graph.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 worker-src blob:; font-src *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com *.hawksearch.net *.yotpo.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com google.com *.dotdigital-pages.com *.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com *.hostedpayments.com *.jst.ai *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de scontent.cdninstagram.com *.kxcdn.com *.twitter.com google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: *.cloudflare.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com http://app.bronto.com https://app.bronto.com http://cdn.bronto.com https://cdn.bronto.com http://c.bron.to https://c.bron.to http://maw.bronto.com https://maw.bronto.com *.hawksearch.net *.bing.com *.klaviyo.com *.cdninstagram.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de google.com *.gstatic.com cdn.ampproject.org connect.facebook.net www.googletagmanager.com googletagmanager.com *.kxcdn.com platform.twitter.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.pingdom.net *.bronto.com *.bron.to *.hawksearch.net *.newrelic.com *.nr-data.net *.jst.ai *.jsdelivr.net *.bing.com *.klaviyo.com *.site24x7rum.com kbmax.kbmaxnext.com https://www.googletagmanager.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com google.com *.kxcdn.com *.gstatic.com *.fontawesome.com unsafe-inline *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.bronto.com *.materialdesignicons.com *.hawksearch.net tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com *.bronto.com *.brontops.com *.nr-data.net *.pingdom.net stats.g.doubleclick.net col.site24x7rum.com *.klaviyo.com *.jst.ai *.google-analytics.com graph.instagram.com maps.googleapis.com https://www.google-analytics.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri http://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1 object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-2pw4JavCWg0YYXIeGUqVK8kXdcV4ZhYQ'; base-uri 'none'; report-uri https://se.sanitino.eu/api/3/security/?sentry_key=b2d6b02f684b4691b5b10905f49956fa 1 default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: www.gstatic.com 'nonce-9K7LvqWtLrl9RfiTLuebgg=='; style-src 'self' https:; report-uri https://craftcourses.report-uri.com/r/d/csp/enforce 1 default-src 'self' https://gapi.storyblok.com https://api.storyblok.com https://a.storyblok.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wistia.com https://*.wistia.net netlify-cdp-loader.netlify.app 'unsafe-inline' blob: data:; script-src 'nonce-A7QBNTTVhUtU+q0ijZgcH4UT5Qwqel81' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'nonce-7s/2QDAARdc+8gW8hG/GetDEffgLPycB' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.storyblok.com https://netlify-rum.netlify.app https://*.wistia.com https://*.wistia.net https://src.litix.io *.visualwebsiteoptimizer.com app.vwo.com https://www.googletagmanager.com https://tagmanager.google.com https://*.onetrust.com https://*.google-analytics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net https://js.driftt.com https://widget.drift.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://fast.wistia.com https://*.onetrust.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://www.googletagmanager.com https://tagmanager.google.com blob:; img-src 'self' https://*.hotjar.com https://*.storyblok.com https://*.wistia.com https://*.wistia.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.onetrust.com https://*.doubleclick.net https://*.bing.com https://*.google-analytics.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net data:; connect-src 'self' https://*.storyblok.com https://*.wistia.com https://*.wistia.net https://*.algolia.net *.visualwebsiteoptimizer.com app.vwo.com ingesteer.services-prod.nsvcs.net https://*.onetrust.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.google.com https://*.bing.com https://*.litix.io https://*.doubleclick.net https://gapi.storyblok.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com px.ads.linkedin.com px4.ads.linkedin.com www.facebook.com connect.facebook.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.wistia.com data:; object-src 'self'; frame-src 'self' https://gapi.storyblok.com app.netlify.com netlify-cdp-loader.netlify.app https://*.vwo.com https://*.youtube-nocookie.com https://dev.visualwebsiteoptimizer.com https://fast.wistia.com https://fast.wistia.net https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://js.driftt.com https://widget.drift.com info.leap.us; worker-src 'self' blob:; media-src 'self' https://*.wistia.com https://*.wistia.net https://js.driftt.com https://widget.drift.com blob: data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://app.storyblok.com; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com; child-src blob:; upgrade-insecure-requests; report-uri /.netlify/functions/__csp-violations 1 Content-Security-Policy-Report-Only: default-src 'none'; style-src 'report-sample' 'unsafe-inline' https://components.zephr.com https://fonts.googleapis.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' https://b-code.liadm.com https://cdn.heapanalytics.com https://cdn.ketchjs.com https://components.zephr.com https://connect.facebook.net https://d.email.forbes.com https://global.ketchcdn.com https://googleads.g.doubleclick.net https://i.forbesimg.com https://js.stripe.com https://ml314.com https://munchkin.marketo.net https://rules.quantcount.com https://sb.scorecardresearch.com https://secure.quantserve.com https://siteintercept.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://static.chartbeat.com https://tags.bkrtx.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://z.moatads.com https://zndpq7uw2elr2st9z-forbesbi.siteintercept.qualtrics.com; img-src https://analytics.twitter.com https://blogs-images.forbes.com https://dpm.demdex.net https://heapanalytics.com https://i.forbesimg.com https://idsync.rlcdn.com https://images.forbes.com https://match.adsrvr.org https://ping.chartbeat.net https://pixel.quantserve.com https://ps.eyeota.net https://px.ads.linkedin.com https://px.moatads.com https://sb.scorecardresearch.com https://secure.gravatar.com https://specials-images.forbesimg.com https://sync.crwdcntrl.net https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.com; font-src https://fonts.gstatic.com https://i.forbesimg.com; connect-src 'self' https://ampcid.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://global.ketchcdn.com https://rp.liadm.com https://se.email.forbes.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src https://d.email.forbes.com https://i.liadm.com https://js.stripe.com https://stags.bluekai.com; report-uri https://csp.feroot.com/2f2e5c78-30af-40c5-8f7b-213d3c2fa4db/7e32134e-1ddb-455f-8609-08e841d0dacd/collect; 1 font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://fonts.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com sis-t.redsys.es:25443 https://seo.mageplaza.com sis.redsys.es *.sologroup-spain.com *.sologroup-portugal.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://consent.cookiebot.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com *.dotdigital-pages.com *.dotdigital.com *.twitter.com *.consensu.org *.sharethis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://player.vimeo.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.trackedlink.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sharethis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com maps.gstatic.com https://s7g3.scene7.com https://maps.gstatic.com https://www.google.com https://www.google.fr https://via.placeholder.com/ www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.nr-data.net *.newrelic.com *.google.com *.sharethis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://player.vimeo.com https://www.youtube.com maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com *.amazonaws.com https://maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://fonts.googleapis.com http://fonts.googleapis.com *.amazonaws.com *.sologroup-paris.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.googleadservices.com *.google-analytics.com *.sandbox.paypal.com *.paypalobjects.com *.nr-data.net *.newrelic.com *.ampproject.org *.sharethis.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io https://maps.googleapis.com https://s7g3.scene7.com https://stats.g.doubleclick.net/ *.amazonaws.com https://consentcdn.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://c7085ab927eb7f318613dcc0fad3f6d7.report-uri.com/r/d/csp/reportOnly; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-PPlIbfEdsrw-xvmJyv7_Tg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none'; script-src 'nonce-70ea1e2278e8dc198ade88f98681a5f232097a9726f57bdecc5f1f2723d76e52' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; img-src 'self' https: data:; base-uri 'none'; frame-ancestors 'self' ; 1 object-src 'none';base-uri 'self';script-src 'nonce-am_9RdDtjHO7Gs9ruv_fHQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.alothemes.com *.magepow.com *.fontawesome.com *.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com ct.pinterest.com js.mollie.com *.sendcloud.sc *.jsdelivr.net www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.alothemes.com *.magepow.com https://belco-prod.s3-eu-central-1.amazonaws.com *.pinterest.com *.google.com.ua https://www.mollie.com *.koongo.com *.amazonaws.com ts.tradetracker.net www.magmodules.eu www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.alothemes.com *.magepow.com https://cdn.belco.io *.avada.io *.hotjar.com s.pinimg.com analytics.tiktok.com js.mollie.com chimpstatic.com *.newrelic.com *.sendcloud.sc *.jsdelivr.net tm.tradetracker.net www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.alothemes.com *.magepow.com *.fontawesome.com *.google.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.sendcloud.sc *.jsdelivr.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.google.com cdn.belco.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.alothemes.com *.magepow.com wss://chat.belco.io https://cdn.belco.io https://get.geojs.io *.avada.io *.pinterest.com *.hotjar.com wss://ws27.hotjar.com *.hotjar.io analytics.tiktok.com stats.g.doubleclick.net *.koongo.com *.nr-data.net *.newrelic.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com maxcdn.bootstrapcdn.com donrobertojewelers.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com donrobertojewelers.com 'self' 'unsafe-inline'; frame-ancestors donrobertojewelers.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.weltpixel.com www.xtento.com donrobertojewelers.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com store.paradoxlabs.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.facebook.com www.xtento.com cdn.xtento.com donrobertojewelers.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.facebook.net www.xtento.com cdn.xtento.com donrobertojewelers.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com donrobertojewelers.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ donrobertojewelers.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.google.com google.com donrobertojewelers.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com donrobertojewelers.com http: https: blob: 'self' 'unsafe-inline'; default-src donrobertojewelers.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.youtube.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://*.addthis.com https://*.moatads.com https://*.addthisedge.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://graph.facebook.com https://platform-lookaside.fbsbx.com https://fbcdn.net https://adorable.io https://*.amazonaws.com https://*.fbcdn.net https://*.adorable.io *.fbcdn.net *.adorable.io https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com data:; media-src 'self' https://*.amazonaws.com data:; connect-src 'self' https://stage-admin.ownagepranks.com https://www.google-analytics.com https://api-public.addthis.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://js.stripe.com https://*.addthis.com https://www.facebook.com; font-src 'self' fonts.gstatic.com data:; worker-src blob: 1 object-src 'none';base-uri 'self';script-src 'nonce-hUt9Bco6VhbJN9xqqwtIiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-B6_XbtOh05JtwkigtMTHdQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-NoISZtTV2gLySR5vIXDh7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-gRrx5-_liobei5CCTUPqAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-nqgFs32HAQeVw67_TB2cgg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-2_00oRjq-YcYKp1X7XBORQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-Cbhrd6iQ1mmfDUAIu6ypKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de account.fetchify.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de s7.addthis.com *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cc-cdn.com *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.craftyclicks.co.uk pcls1.craftyclicks.co.uk ekr.zdassets.com/ https://get.geojs.io *.avada.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-6TBgoqeR7z5cEzEsmgd4UQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js www.googletagmanager.com/gtag/js js.hs-banner.com/21662120.js js.hsadspixel.net/fb.js js.hscollectedforms.net js.hs-analytics.net app.hubspot.com static.hsappstatic.net js.hubspot.com js.hs-banner.com connect.facebook.net platform.twitter.com platform.linkedin.com; style-src 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' boards-api.greenhouse.io/v1/boards/striveworks/jobs *.hubspot.com assets4.lottiefiles.com forms.hubspot.com forms.hscollectedforms.net; font-src 'self' fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' platform.twitter.com www.youtube-nocookie.com; img-src 'self' data: forms.hsforms.com no-cache.hubspot.com *.hsforms.com 21662120.fs1.hubspotusercontent-na1.net; manifest-src 'self'; media-src 'self' 21662120.fs1.hubspotusercontent-na1.net; report-uri https://62cc61b3d268e140f1501f52.endpoint.csper.io/?v=1; worker-src 'none'; 1 font-src *.googleapis.com *.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.intercomcdn.com/ use.fontawesome.com/releases/v5.6.0/webfonts *.sagepay.com *.fontawesome.com maxcdn.bootstrapcdn.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://www.facebook.com/ https://*.realexpayments.com/ *.sagepay.com *.nosto.com *.nos.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ bid.g.doubleclick.net *.adyen.com https://lgpc.prismic.io *.weltpixel.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.realexpayments.com/ https://player.vimeo.com/ https://www.google.com/ *.trustpilot.com https://newassets.hcaptcha.com/ https://static.cdn.prismic.io/ https://example-repository.prismic.io/ https://ct.pinterest.com/ https://r3.girogate.de/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com account.fetchify.com *.nosto.com *.nos.to c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com https://images.prismic.io/lgpc/ https://bat.bing.com/ https://www.facebook.com https://*.pinterest.com/ https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://images.prismic.io/ https://prismic-io.s3.amazonaws.com/ https://cookie-cdn.cookiepro.com https://www.magecomp.com/ https://streetviewpixels-pa.googleapis.com/ https://js.intercomcdn.com/ https://www.google.com.ua/ *.paypal.com *.sagepay.com ebizmarts-website.s3.amazonaws.com www.feedoptimise.com cdn.feedoptimise.com *.nosto.com *.nos.to www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com https://player.vimeo.com/ www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com *.gstatic.com https://static.cdn.prismic.io https://prismic.io https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hotjar.com/ https://connect.facebook.net/ https://s.pinimg.com/ https://bat.bing.com/ https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://js.intercomcdn.com/ *.trustpilot.com https://*.azureedge.net/ https://cookie-cdn.cookiepro.com/ https://widget.intercom.io https://widgets.pinterest.com https://assets.pinterest.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://hcaptcha.com https://cookie-cdn.cookiepro.com https://www.googleoptimize.com/ https://oc-cdn-public-gbr.azureedge.net/ https://emarketing.littlegreene.com/ https://www.googletagmanager.com tagmanager.google.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com www.feedoptimise.com cdn.feedoptimise.com player.vimeo.com *.nosto.com *.nos.to js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://*.azureedge.net/ https://hello.myfonts.net/ tagmanager.google.com use.fontawesome.com/releases/v5.6.0/css cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.sagepay.com cc-cdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.nosto.com *.nos.to unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.adyen.com *.googleapis.com https://*.hotjar.com/ https://*.pinterest.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://lg-gb.lgpcm2.ctidev https://snapppt.com/ https://*.snapppt.com/ https://maps.googleapis.com/ https://api-iam.intercom.io/ https://api.craftyclicks.co.uk/ https://www.facebook.com/ wss://nexus-websocket-a.intercom.io https://bat.bing.com/ https://bam.nr-data.net/ https://cookie-cdn.cookiepro.com/ https://privacyportal.cookiepro.com/ https://geolocation.onetrust.com/ https://invitejs.trustpilot.com/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.paypal.com *.sagepay.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk *.nosto.com *.nos.to api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-YqUKp7kOcFn3Gy8rHih_nQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-nPT58XXod41veU1N8qsvhw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-PoEDWk0adsR3FwsLHiw1Eg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce--HJItNlzh6X9SJDXAQuC_w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-oh9LiOTn73mbqphkxJxWmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; frame-src 'self'; img-src 'self' https://storage.googleapis.com/ https://assets.entrepotnumerique.com/ https://assets.cantook.net/ https://assets.edenlivres.fr/ https://assets-libr.cantook.net/ https://assets-edgt.cantook.net/; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.16/js/utils.min.js; style-src 'self' 'unsafe-inline'; connect-src 'self' https://storage.googleapis.com/ https://o37564.ingest.sentry.io; report-uri https://o37564.ingest.sentry.io/api/84541/security/?sentry_key=0b6a319c2af64d94839478210ee88f6c&sentry_environment=prod-northamerica 1 object-src 'none';base-uri 'self';script-src 'nonce-YWmIUFe2AX9PHqowF6iEsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com webservices.securetrading.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io webservices.securetrading.net songbirdstag.cardinalcommerce.com https://cdnjs.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com unsafe-inline assets.braintreegateway.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com o402164.ingest.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-v5_uBLh6m7ncvfRq6drnJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-dLrwpYP_j9rosQxm67WqCQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-I9VHJ9ULXCeYb8JCEdGftw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-cGBxy7v_d8sywV3LRgvvdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XPLtiZScMoMlNuCIGjlJGw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-RDzUAnaoS6IufvVcpnP7aYBHL5SsxOsY/exu/3XciuM='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-t67lATfwpWYwNR_DnQ75nQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-fbmHNXz0tZO7KTIMH6eh-A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-H5Aw5kJ3js6cjxIp_H9pEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-JogqsQOnAdhvcn-Zs0rlIA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src 'self' fonts.gstatic.com data:; report-uri https://gonvarrimh.report-uri.com/r/d/csp/reportOnly; 1 require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/domain-registry 1 object-src 'none';base-uri 'self';script-src 'nonce-Uz7tslcmc9a02q5w1RM_Iw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://dgap.org https://createsend.com https://api.friendlycaptcha.com https://matomo.dgap.org/; font-src 'self' data: dgap.org https://player.podigee-cdn.net; frame-src 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://www.youtube-nocookie.com/embed/ https://e.issuu.com https://www.google.com https://player.podigee-cdn.net https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com https://matomo.dgap.org https://www.openstreetmap.org https://cloud.dgap.org; img-src 'self' https://www.gstatic.com https://*.met.vgwort.de https://www.googletagmanager.com https://www.google-analytics.com data: dgap.org https://matomo.dgap.org https://images.podigee-cdn.net https://region1.google-analytics.com; manifest-src 'self'; media-src 'self' https://audio.podigee-cdn.net; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' https://dgap.org https://matomo.dgap.org https://www.google-analytics.com https://www.googletagmanager.com https://internationalepolitik.de https://ip-quarterly.com https://js.createsend1.com https://player.podigee-cdn.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://matomo.dgap.org/; script-src-attr 'self' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://dgap.org https://www.googletagmanager.com https://www.google-analytics.com https://matomo.dgap.org https://js.createsend1.com https://player.podigee-cdn.net cdnjs.cloudflare.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'report-sample' https://js.createsend1.com https://www.gstatic.com https://dgap.org https://player.podigee-cdn.net; style-src-attr 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' https://www.google.com https://dgap.org https://player.podigee-cdn.net; worker-src 'self' blob:; form-action 'self' https://www.createsend.com https://dgap.org; frame-ancestors 'self' https://dgap.org https://www.internationalepolitik.de https://www.ip-quarterly.com https://av.dgap.org https://av.internationalepolitik.de https://av.ip-quarterly.com; report-uri https://internationalepolitik.de/en/report-uri/reportOnly 1 object-src 'none';base-uri 'self';script-src 'nonce-52rMHoryEHrYzfETNZe2vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src 'none'; script-src 'self' 'report-sample'; style-src 'self' 'report-sample'; img-src 'self'; connect-src 'self'; font-src 'self'; media-src 'self'; report-uri https://65ca65517b1c737c892f5dd7.endpoint.csper.io?v=0; form-action 'self'; frame-ancestors 'none'; object-src 'none'; frame-src 'self'; worker-src 'none'; manifest-src 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1 font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.googletagmanager.com *.facebook.net *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.cardinalcommerce.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.twitter.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com *.twitter.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.cardinalcommerce.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.cardinalcommerce.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://carwebshop.co.uk/; report-to report-endpoint; 1 font-src data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.trackedlink.net t.zip.co static.zipmoney.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com https://api.addressfinder.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com s7.addthis.com static.zipmoney.com.au zip.co assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com https://cdn.sicomputers.nl https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ https://tweakers.net *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.koongo.com https://cdn.sicomputers.nl https://www.google.com https://www.google.es https://www.google.nl https://www.google-analytics.com https://static.sooqr.com *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io *.sooqr.com *.spotlersearch.com spotlersearchanalytics.com https://widget-acc.paazl.com https://cdn.sicomputers.nl https://static.sooqr.com https://chimpstatic.com https://www.google.com https://www.googletagmanager.com https://widget.paazl.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com *.sooqr.com *.spotlersearch.com cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css https://widget-acc.paazl.com https://cdn-images.mailchimp.com https://cdn.sicomputers.nl https://fonts.googleapis.com https://static.sooqr.com https://widget.paazl.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com https://get.geojs.io *.avada.io *.koongo.com https://widget-acc.paazl.com https://cdn.sicomputers.nl https://cognito-identity.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.paazl.com https://www.postcode-checkout.nl *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.fontawesome.com *.gstatic.com *.typekit.net *.powerreviews.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.facebook.com *.klaviyo.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.nr-data.net *.newrelic.com www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.googleapis.com maps.googleapis.com cdn.cookie-script.com *.googlesyndication.com polyfill.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com cdn.dnky.co webchat.dotdigital.com *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.facebook.com *.klaviyo.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.nr-data.net *.newrelic.com www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.googleapis.com maps.googleapis.com cdn.cookie-script.com *.googlesyndication.com polyfill.io *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://a.klaviyo.com *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.zdassets.com *.facebook.net *.bing.com *.facebook.com *.cloudfront.net *.klaviyo.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.nr-data.net *.newrelic.com www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.googleapis.com maps.googleapis.com cdn.cookie-script.com *.googlesyndication.com polyfill.io *.powerreviews.com *.cloudinary.com data: *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com polyfill.io r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.zdassets.com *.zendesk.com *.zopim.com *.newrelic.com *.klaviyo.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.nr-data.net www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.powerreviews.com *.bing.com *.facebook.net https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.klaviyo.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.nr-data.net *.newrelic.com www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.googleapis.com maps.googleapis.com cdn.cookie-script.com *.googlesyndication.com polyfill.io *.powerreviews.com *.typekit.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.zdassets.com *.klaviyo.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.nr-data.net *.newrelic.com www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.googleapis.com maps.googleapis.com cdn.cookie-script.com *.googlesyndication.com polyfill.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://get.geojs.io *.avada.io *.googletagmanager.com *.braintree-api.com *.paypal.com *.braintreegateway.com www.google.ca *.google.ca *.google.com s7d1.scene7.com *.scene7.com *.doubleclick.net *.smartwool.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.klaviyo.com *.nr-data.net analytics.google.com *.hotjar.io wss://ws.hotjar.com bat.bing.com *.hotjar.com *.newrelic.com www.gstatic.com slc.stats.paypal.com/ *.paypalobjects.com *.algolia.io *.powerreviews.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com data: *.typekit.net fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com 'self' connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com *.mfgroup.ch *.authorize.net *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' 'unsafe-inline'; frame-ancestors *.mfgroup.ch 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.langshop.io *.google.com *.doubleclick.net www.facebook.com https://h.online-metrix.net connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com checkout.postfinance.ch *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com https://*.online-metrix.net connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mfgroup.ch checkout.postfinance.ch data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://h.online-metrix.net *.avada.io connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.mfgroup.ch *.unzer.com *.googleapis.com checkout.postfinance.ch *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com *.typekit.net maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src *.mfgroup.ch 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com https://h.online-metrix.net https://get.geojs.io *.avada.io connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.mfgroup.ch 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 upgrade-insecure-requests ; connect-src *.google-analytics.com *googletagmanager.com; default-src 'self' *.healthchoiceaz.com healthchoiceaz.com; font-src *.googleapis.com *googletagmanager.com *.fontawesome.com *.gstatic.com *.typekit.net *.healthchoiceaz.com healthchoiceaz.com 'unsafe-inline' data:; frame-src https://www.google.com; img-src *.healthchoiceaz.com healthchoiceaz.com *.gstatic.com *.google-analytics.com *googletagmanager.com; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' *.healthchoiceaz.com healthchoiceaz.com *.googletagmanager.com *.google.com *.cloudflare.com *.bootstrapcdn.com *.typekit.net *.googleapis.com *.google-analytics.com http: https:; style-src 'unsafe-eval' 'unsafe-inline' *.healthchoiceaz.com healthchoiceaz.com *.googleapis.com *googletagmanager.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.typekit.net; 1 font-src *.klarnacdn.net *.fontawesome.com *.gstatic.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnaevt.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com *.klarna.com js.mollie.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.xtento.com cdn.xtento.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://www.mollie.com https://redchamps.com 'self' data: *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com www.xtento.com cdn.xtento.com *.klarna.com *.klarnaservices.com js.mollie.com *.google.com *.gstatic.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.klarnacdn.net *.fontawesome.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnaservices.com t.elasticsuite.io *.google-analytics.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: bat.bing.com cdn.callreports.com googleads.g.doubleclick.net js.callrail.com res.cloudinary.com s3.amazonaws.com secure.leadforensics.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net secure.leadforensics.com www.woodlandmanufacturing.com www.googleadservices.com *.pinimg.com connect.facebook.net *.gstatic.com *.wistia.com *.olark.com *.nextopiasoftware.com *.flattr.com *.trustpilot.com g.microsoft.com *.cloudmaestro.com *.woodlandmanufacturing.com advancedsign.com *.advancedsign.com 1 object-src 'none';base-uri 'self';script-src 'nonce-prdGFG8xqMqdbieyJ1i5AQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-inline';img-src https: data: blob:;font-src https: data:;connect-src 'self' https: blob:;report-uri /csp-report 1 font-src *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.google-analytics.com *.googleadservices.com *.yotpo.com *.cloudflare.com *.twitter.com https://www.google.co.uk *.google.co.in https://www.google.gr *.typekit.net *.twimg.com *.trustedshops.com *.bootstrapcdn.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.stripe.com *.google.com *.sagepay.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.google-analytics.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.sagepay.com *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://ajax.googleapis.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.google-analytics.com *.twitter.com https://www.google.com https://www.google.co.uk https://www.google.co.in https://www.facebook.com https://www.google.gr klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://ajax.googleapis.com *.gstatic.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com maps.gstatic.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.sagepay.com https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.yotpo.com *.cloudflare.com https://www.google.co.uk *.google.co.in https://www.facebook.com *.klarna.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://www.google.gr data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://ajax.googleapis.com *.gstatic.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.sagepay.com *.avada.io player.vimeo.com https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com *.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.yotpo.com *.cloudflare.com *.twitter.com https://www.google.co.uk *.google.co.in *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net https://chimpstatic.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.authorize.net https://www.google.gr klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.sagepay.com *.fontawesome.com https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.google-analytics.com *.yotpo.com *.cloudflare.com *.twitter.com https://www.google.co.uk *.google.co.in *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com https://www.google.gr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://ajax.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.sagepay.com https://get.geojs.io *.avada.io https://googleads.g.doubleclick.net *.iubenda.com https://hits-i.iubenda.com https://cdn.iubenda.com https://paypal-eu-cdn.cloudiq.com https://paypal-eu-arh.cloudiq.com https://www.paypalobjects.com https://ww2.feefo.com *.feefo.com https://eu1-search.doofinder.com *.purechatcdn.com https://secure.gravatar.com https://r1.trackedweb.net *.doofinder.com *.purechat.com *.googleadservices.com *.yotpo.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google.co.uk *.google.co.in https://www.google.gr klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.camlab.co.uk; report-to report-endpoint; 1 object-src 'none';base-uri 'self';script-src 'nonce-VJTXR9Azq1Us2FoZH3fjdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 connect-src 'self' www.nxp.nz adservice.google.com ad.doubleclick.net stats.g.doubleclick.net adservice.google.com www.google-analytics.com desk.zoho.com static.zohocdn.com pagesense-collect.zoho.com accounts.zohoportal.com salesiq.zoho.com download.zohopublic.com wss://vts.zohopublic.com salesiq.zohopublic.com js.zohostatic.com css.zohostatic.com wms.zohopublic.com media.zohostatic.com dyjgaef5vuq51.cloudfront.net dtzpfzv31buvf.cloudfront.net js.zohocdn.com css.zohocdn.com img.zohostatic.com media.zohostatic.com fonts.zohostatic.com; default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; report-uri /_csp 1 script-src https: 'strict-dynamic' 'report-sample' 'nonce-OCDYaLMYScDGoWSNHD6sOgh8dhC1UJZgeXN6SX/BLaw='; base-uri 'self';report-to csp-endpoint 1 object-src 'none';base-uri 'self';script-src 'nonce-lGlfmLFSrBiqovz7RWh3DA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-W25uRBNAK9X3KwTqzDLkzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-qRl5l9-MwADNNZqu1sS3lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-5zOwRJZYKUGSov6wUeiy4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-XRUgfheUxB-T02LlTAlfvA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 object-src 'none';base-uri 'self';script-src 'nonce-vJFj-gjMOCep_tMD-ROEpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; style-src 'unsafe-inline' https:; report-uri https://www.100partnerprogramme.de/csp-violation-ezmd9dpdxv7nb0ecejb9/ 1 default-src 'self'; report-uri /csp-report 1 default-src 'self' https: data: wss: about: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /csp_reports.json; 1 object-src 'none';base-uri 'self';script-src 'nonce-9riT6mfjuft-BS7UYL9BXA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1 font-src *.nextmp.net stackpath.bootstrapcdn.com *.tidiochat.com cdnjs.cloudflare.com app.sitevibes.com *.klevu.com *.ksearchnet.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.hotjar.com *.nextmp.net tst.kaptcha.com *.paypal.com maps.google.com *.doubleclick.net www.xtento.com *.dotdigital-pages.com *.dotdigital.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.nextmp.net img.riskified.com klarna.com klarnacdn.net *.gstatic.com *.doubleclick.net *.googletagmanager.com queue.amazonaws.com casual.liquifire.com *.paypal.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat bat.bing.com www.xtento.com cdn.xtento.com *.trackedlink.net *.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ static.zdassets.com assets.zendesk.com static.addtoany.com *.nextmp.net beacon.riskified.com klarna.com klarnacdn.net *.forter.com *.googleapis.com *.paysafe.com cdn-sitegainer.com *.hotjar.com *.googletagmanager.com *.sitevibes.com *.tidio.co *.tidiochat.com *.doubleclick.net bat.bing.com *.googleoptimize.com *.matomo.cloud *.zoho.com player.vimeo.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal js.klevu.com *.ksearchnet.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.nextmp.net klarna.com unpkg.com app.sitevibes.com stackpath.bootstrapcdn.com fonts.googleapis.com *.klevu.com *.ksearchnet.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com pjartwork.com *.nextmp.net klarna.com *.zdassets.com *.tidiochat.com bat.bing.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com wss://socket.tidio.co *.zendesk.com klarna.com klarnaevt.com *.forter.com c.riskified.com wss://widget-mediator.zopim.com wss://ws8.hotjar.com wss://cdn0.forter.com *.analytics.google.com *.cloudfront.net *.hotjar.com *.hotjar.io *.doubleclick.net api.ipify.org *.iplocate.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.sitevibes.com bat.bing.com googleoptimize.com countrycasualteak.matomo.cloud maps.googleapis.com google.com/pay metrics-collector.tidio.co *.googlesyndication.com *.google-analytics.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.klevu.com *.ksearchnet.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com 'self' 'unsafe-inline'; child-src *.nextmp.net assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1 object-src 'none';base-uri 'self';script-src 'nonce-_kc10rARio1IDfZC0VHN1A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 1